feat: login form submission

2 years ago · 3b6a5938d7
parent dba0834eff
commit 3b6a5938d7
2 changed files with 62 additions and 2 deletions
--- a/src/pages/auth/login.rs
+++ b/src/pages/auth/login.rs
@ -69,6 +69,32 @@ pub async fn get_login(data: AppData) -> impl Responder {

 pub fn services(cfg: &mut web::ServiceConfig) {
    cfg.service(get_login);
+    cfg.service(login_submit);
+}
+
+#[my_codegen::post(path = "PAGES.auth.login")]
+pub async fn login_submit(
+    id: Identity,
+    payload: web::Form<LoginPayload>,
+    query: web::Query<RedirectQuery>,
+    data: AppData,
+    db: crate::DB,
+) -> PageResult<impl Responder, Login> {
+    let username = data
+        .login(&(**db), &payload)
+        .await
+        .map_err(|e| PageError::new(Login::new(&data.settings, Some(&payload)), e))?;
+    id.remember(username);
+    let query = query.into_inner();
+    if let Some(redirect_to) = query.redirect_to {
+        Ok(HttpResponse::Found()
+            .insert_header((http::header::LOCATION, redirect_to))
+            .finish())
+    } else {
+        Ok(HttpResponse::Found()
+            .insert_header((http::header::LOCATION, PAGES.home))
+            .finish())
+    }
 }

 #[cfg(test)]
--- a/src/pages/auth/test.rs
+++ b/src/pages/auth/test.rs
@ -14,6 +14,7 @@
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
+use actix_auth_middleware::GetLoginRoute;

 use actix_web::http::header;
 use actix_web::http::StatusCode;
@ -21,7 +22,7 @@ use actix_web::test;

 use super::*;

-use crate::data::api::v1::auth::Register;
+use crate::data::api::v1::auth::{Login, Register};
 use crate::data::Data;
 use crate::errors::*;
 use crate::tests::*;
@ -81,7 +82,40 @@ async fn auth_works(data: Arc<Data>, db: BoxDB) {
    assert_eq!(resp.status(), StatusCode::FOUND);
    let headers = resp.headers();
    assert_eq!(headers.get(header::LOCATION).unwrap(), PAGES.auth.login);
-    let _ = data.delete_user(&db, NAME, PASSWORD).await;
+
+    // sign in
+    let msg = Login {
+        login: NAME.into(),
+        password: PASSWORD.into(),
+    };
+    let resp = test::call_service(
+        &app,
+        post_request!(&msg, PAGES.auth.login, FORM).to_request(),
+    )
+    .await;
+    assert_eq!(resp.status(), StatusCode::FOUND);
+    let headers = resp.headers();
+    assert_eq!(headers.get(header::LOCATION).unwrap(), PAGES.home);
+
+    // redirect after signin
+    let redirect = "/foo/bar/nonexistantuser";
+    let url = PAGES.get_login_route(Some(redirect));
+    let resp = test::call_service(&app, post_request!(&msg, &url, FORM).to_request()).await;
+    assert_eq!(resp.status(), StatusCode::FOUND);
+    let headers = resp.headers();
+    assert_eq!(headers.get(header::LOCATION).unwrap(), &redirect);
+
+    // wrong password signin
+    let msg = Login {
+        login: NAME.into(),
+        password: NAME.into(),
+    };
+    let resp = test::call_service(
+        &app,
+        post_request!(&msg, PAGES.auth.login, FORM).to_request(),
+    )
+    .await;
+    assert_eq!(resp.status(), ServiceError::WrongPassword.status_code());
 }

 async fn serverside_password_validation_works(data: Arc<Data>, db: BoxDB) {