peach-workspace/peach-web/src/routes/authentication/change.rs


use log::info;
use maud::{html, PreEscaped};
use peach_lib::password_utils;
use rouille::{post_input, try_or_400, Request, Response};
use crate::{
error::PeachWebError,
templates,
utils::{
flash::{FlashRequest, FlashResponse},
theme,
},
};
// HELPER AND ROUTES FOR /auth/change (GET and POST)
/// Build the complete HTML page for the change-password form.
///
/// The form posts `current_password`, `new_password1` and `new_password2`
/// to `/auth/change`. If the request carries flash cookies, the flash
/// message is rendered below the form inside the same card.
///
/// NOTE(review): the flash name and message are read back from the request
/// and handed to `templates::flash::build_template`; that helper is not
/// visible here, so confirm it renders both values escaped.
pub fn build_template(request: &Request) -> PreEscaped<String> {
    // both values are `None` when the request carries no flash cookies
    let (flash_kind, flash_text) = request.retrieve_flash();

    let form_markup = html! {
        (PreEscaped("<!-- CHANGE PASSWORD FORM -->"))
        div class="card center" {
            form id="changePassword" class="center" action="/auth/change" method="post" {
                div style="display: flex; flex-direction: column; margin-bottom: 1rem;" {
                    (PreEscaped("<!-- input for current password -->"))
                    label for="currentPassword"
                        class="center label-small font-gray"
                        style="width: 80%;" { "CURRENT PASSWORD" }
                    input id="currentPassword"
                        class="center input"
                        name="current_password"
                        type="password"
                        title="Current password"
                        autofocus;
                    (PreEscaped("<!-- input for new password -->"))
                    label for="newPassword"
                        class="center label-small font-gray"
                        style="width: 80%;" { "NEW PASSWORD" }
                    input id="newPassword"
                        class="center input"
                        name="new_password1"
                        type="password"
                        title="New password";
                    (PreEscaped("<!-- input for duplicate new password -->"))
                    label for="newPasswordDuplicate"
                        class="center label-small font-gray"
                        style="width: 80%;" { "RE-ENTER NEW PASSWORD" }
                    input id="newPasswordDuplicate"
                        class="center input"
                        name="new_password2"
                        type="password"
                        title="New password duplicate";
                    (PreEscaped("<!-- save (form submission) button -->"))
                    input id="savePassword"
                        class="button button-primary center"
                        title="Add"
                        type="submit"
                        value="Save";
                    a class="button button-secondary center"
                        href="/settings/admin"
                        title="Cancel" { "Cancel" }
                }
            }
            // the flash block is emitted only when both cookies were present
            @if let Some(name) = flash_kind {
                @if let Some(msg) = flash_text {
                    (PreEscaped("<!-- FLASH MESSAGE -->"))
                    (templates::flash::build_template(name, msg))
                }
            }
        }
    };

    // surround the form with the navigation bars: content, page title, back url
    let page_body =
        templates::nav::build_template(form_markup, "Change Password", Some("/settings/admin"));

    // the base template needs the currently selected theme
    templates::base::build_template(page_body, theme::get_theme())
}
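/// Verify, validate and set a new password, overwriting the current password.
///
/// The steps run in order and the first failure aborts the change:
/// 1. `current_password` is checked against the stored password,
/// 2. `new_password1` and `new_password2` are validated against each other,
/// 3. `new_password1` is hashed and the hash is saved to file.
///
/// # Errors
///
/// Returns a `PeachWebError` if any of the three `password_utils` calls
/// fails; the error is propagated with `?`.
pub fn save_password(
    current_password: &str,
    new_password1: &str,
    new_password2: &str,
) -> Result<(), PeachWebError> {
    // Log the event only. Password values (current or new) must never be
    // written to the log: anyone with read access to the log output would
    // otherwise obtain the plaintext credentials.
    info!("Attempting password change");

    // check that the supplied value matches the actual current password
    password_utils::verify_password(current_password)?;

    // ensure that both new_password values match
    password_utils::validate_new_passwords(new_password1, new_password2)?;

    // hash the password and save the hash to file
    password_utils::set_new_password(new_password1)?;

    Ok(())
}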
/// Handle a POST to `/auth/change`.
///
/// Reads the current and new passwords from the submitted form, saves the
/// new password hash to file (`/var/lib/peachcloud/config.yml`) and answers
/// with a 303 redirect back to the change password form. The outcome is
/// passed along in flash cookies.
///
/// NOTE(review): only the three password fields are parsed here and the form
/// carries no anti-forgery token; confirm that cross-site request forgery is
/// mitigated elsewhere for this route.
pub fn handle_form(request: &Request) -> Response {
    // parse the form body; responds with 400 if any of the three password
    // fields is missing
    let form = try_or_400!(post_input!(request, {
        current_password: String,
        new_password1: String,
        new_password2: String,
    }));

    // attempt the password change
    let outcome = save_password(
        &form.current_password,
        &form.new_password1,
        &form.new_password2,
    );

    // flash values use the form <cookie-name>=<cookie-value>
    // NOTE(review): on failure the error's display text becomes part of the
    // cookie value; confirm it cannot contain sensitive detail.
    let (flash_name, flash_msg) = if let Err(err) = outcome {
        (
            String::from("flash_name=error"),
            format!("flash_msg=Failed to save new password: {}", err),
        )
    } else {
        (
            String::from("flash_name=success"),
            String::from("flash_msg=New password has been saved"),
        )
    };

    // attach the flash cookies and send the browser back to the form
    Response::redirect_303("/auth/change").add_flash(flash_name, flash_msg)
}