flotte-user-management/src/database/users.rs

use crate::database::models::UserRecord;
use crate::database::tokens::{SessionTokens, TokenStore};
use crate::database::user_roles::UserRoles;
use crate::database::{DatabaseResult, Table};
use crate::utils::error::DBError;
use crate::utils::{create_salt, hash_password};

use postgres::Client;
use std::sync::{Arc, Mutex};
use zeroize::{Zeroize, Zeroizing};

const DEFAULT_ADMIN_PASSWORD: &str = "flotte-admin";
const DEFAULT_ADMIN_EMAIL: &str = "admin@flotte-berlin.de";
const ENV_ADMIN_PASSWORD: &str = "ADMIN_PASSWORD";
const ENV_ADMIN_EMAIL: &str = "ADMIN_EMAIL";

#[derive(Clone)]
pub struct Users {
    database_connection: Arc<Mutex<Client>>,
    user_roles: UserRoles,
    token_store: Arc<Mutex<TokenStore>>,
}

impl Table for Users {
    fn new(database_connection: Arc<Mutex<Client>>) -> Self {
        Self {
            user_roles: UserRoles::new(Arc::clone(&database_connection)),
            database_connection,
            token_store: Arc::new(Mutex::new(TokenStore::new())),
        }
    }

    fn init(&self) -> DatabaseResult<()> {
        self.database_connection.lock().unwrap().batch_execute(
            "CREATE TABLE IF NOT EXISTS users (
            id              SERIAL PRIMARY KEY,
            name            VARCHAR(255) NOT NULL,
            email           VARCHAR(255) UNIQUE NOT NULL,
            password_hash   BYTEA NOT NULL,
            salt            BYTEA NOT NULL
        );",
        )?;
        log::debug!("Creating admin user");
        if let Err(e) = self.create_user(
            "ADMIN".to_string(),
            dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string()),
            dotenv::var(ENV_ADMIN_PASSWORD).unwrap_or(DEFAULT_ADMIN_PASSWORD.to_string()),
        ) {
            log::debug!("Failed to create admin user {}", e);
        } else {
            log::debug!("Admin user created successfully!");
        }

        Ok(())
    }
}

impl Users {
    pub fn create_user(
        &self,
        name: String,
        email: String,
        password: String,
    ) -> DatabaseResult<UserRecord> {
        let mut connection = self.database_connection.lock().unwrap();
        let mut password = Zeroizing::new(password);
        log::trace!("Creating user {} with email  {}", name, email);

        if !connection
            .query("SELECT email FROM users WHERE email = $1", &[&email])?
            .is_empty()
        {
            log::trace!("Failed to create user: Record exists!");
            return Err(DBError::RecordExists);
        }
        let salt = Zeroizing::new(create_salt());
        let pw_hash =
            hash_password(password.as_bytes(), &*salt).map_err(|e| DBError::GenericError(e))?;
        password.zeroize();
        let row = connection.query_one("
            INSERT INTO users (name, email, password_hash, salt) VALUES ($1, $2, $3, $4) RETURNING *;
        ", &[&name, &email, &pw_hash.to_vec(), &salt.to_vec()])?;

        Ok(UserRecord::from_ordered_row(&row))
    }

    pub fn create_tokens(
        &self,
        email: &String,
        password: &String,
    ) -> DatabaseResult<SessionTokens> {
        if self.validate_login(&email, password)? {
            let mut connection = self.database_connection.lock().unwrap();
            let row = connection.query_one("SELECT id FROM users WHERE email = $1", &[&email])?;
            let id: i32 = row.get(0);

            let tokens = SessionTokens::new(id);
            tokens.store(&mut self.token_store.lock().unwrap())?;

            Ok(tokens)
        } else {
            Err(DBError::GenericError("Invalid password".to_string()))
        }
    }

    pub fn validate_request_token(&self, token: &String) -> DatabaseResult<(bool, i32)> {
        let store = self.token_store.lock().unwrap();
        let entry = store.get_request_token(&token);

        if let Some(entry) = entry {
            Ok((true, entry.request_ttl()))
        } else {
            Ok((false, -1))
        }
    }

    pub fn validate_refresh_token(&self, token: &String) -> DatabaseResult<(bool, i32)> {
        let store = self.token_store.lock().unwrap();
        let entry = store.get_refresh_token(&token);

        if let Some(entry) = entry {
            Ok((true, entry.refresh_ttl()))
        } else {
            Ok((false, -1))
        }
    }

    pub fn refresh_tokens(&self, refresh_token: &String) -> DatabaseResult<SessionTokens> {
        let mut token_store = self.token_store.lock().unwrap();
        let tokens = token_store.get_refresh_token(refresh_token);
        if let Some(mut tokens) = tokens.and_then(|t| SessionTokens::from_entry(t)) {
            tokens.refresh();
            tokens.store(&mut token_store)?;

            Ok(tokens)
        } else {
            Err(DBError::GenericError("Invalid refresh token!".to_string()))
        }
    }

    fn validate_login(&self, email: &String, password: &String) -> DatabaseResult<bool> {
        let mut connection = self.database_connection.lock().unwrap();
        let row = connection
            .query_opt(
                "SELECT password_hash, salt FROM users WHERE email = $1",
                &[&email],
            )?
            .ok_or(DBError::GenericError(format!(
                "No user with the email '{}' found",
                &email
            )))?;
        let original_pw_hash: Zeroizing<Vec<u8>> = Zeroizing::new(row.get(0));
        let salt: Zeroizing<Vec<u8>> = Zeroizing::new(row.get(1));
        let pw_hash =
            hash_password(password.as_bytes(), &*salt).map_err(|e| DBError::GenericError(e))?;

        Ok(pw_hash == *original_pw_hash.as_slice())
    }
}
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::models::UserRecord;`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::tokens::{SessionTokens, TokenStore};`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::user_roles::UserRoles;`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::{DatabaseResult, Table};`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::utils::error::DBError;`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::utils::{create_salt, hash_password};`
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use postgres::Client;`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use std::sync::{Arc, Mutex};`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use zeroize::{Zeroize, Zeroizing};`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Improve logging output format Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`const DEFAULT_ADMIN_PASSWORD: &str = "flotte-admin";`
			`const DEFAULT_ADMIN_EMAIL: &str = "admin@flotte-berlin.de";`
			`const ENV_ADMIN_PASSWORD: &str = "ADMIN_PASSWORD";`
			`const ENV_ADMIN_EMAIL: &str = "ADMIN_EMAIL";`

Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`#[derive(Clone)]`
			`pub struct Users {`
Add redis connection to all models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`database_connection: Arc<Mutex<Client>>,`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`user_roles: UserRoles,`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`token_store: Arc<Mutex<TokenStore>>,`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`

Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`impl Table for Users {`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`fn new(database_connection: Arc<Mutex<Client>>) -> Self {`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Self {`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`user_roles: UserRoles::new(Arc::clone(&database_connection)),`
Add redis connection to all models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`database_connection,`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`token_store: Arc::new(Mutex::new(TokenStore::new())),`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
			`}`

Add redis connection to all models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`fn init(&self) -> DatabaseResult<()> {`
Improve logging output format Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`self.database_connection.lock().unwrap().batch_execute(`
			`"CREATE TABLE IF NOT EXISTS users (`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`id SERIAL PRIMARY KEY,`
			`name VARCHAR(255) NOT NULL,`
			`email VARCHAR(255) UNIQUE NOT NULL,`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`password_hash BYTEA NOT NULL,`
			`salt BYTEA NOT NULL`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`);",`
Improve logging output format Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`)?;`
			`log::debug!("Creating admin user");`
			`if let Err(e) = self.create_user(`
			`"ADMIN".to_string(),`
			`dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string()),`
			`dotenv::var(ENV_ADMIN_PASSWORD).unwrap_or(DEFAULT_ADMIN_PASSWORD.to_string()),`
			`) {`
			`log::debug!("Failed to create admin user {}", e);`
			`} else {`
			`log::debug!("Admin user created successfully!");`
			`}`

			`Ok(())`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
			`}`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`impl Users {`
			`pub fn create_user(`
			`&self,`
			`name: String,`
			`email: String,`
			`password: String,`
			`) -> DatabaseResult<UserRecord> {`
			`let mut connection = self.database_connection.lock().unwrap();`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let mut password = Zeroizing::new(password);`
Improve logging output format Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`log::trace!("Creating user {} with email {}", name, email);`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`if !connection`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`.query("SELECT email FROM users WHERE email = $1", &[&email])?`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`.is_empty()`
			`{`
Improve logging output format Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`log::trace!("Failed to create user: Record exists!");`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`return Err(DBError::RecordExists);`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let salt = Zeroizing::new(create_salt());`
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let pw_hash =`
			`hash_password(password.as_bytes(), &*salt).map_err(\|e\| DBError::GenericError(e))?;`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`password.zeroize();`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let row = connection.query_one("`
			`INSERT INTO users (name, email, password_hash, salt) VALUES ($1, $2, $3, $4) RETURNING *;`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`", &[&name, &email, &pw_hash.to_vec(), &salt.to_vec()])?;`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`Ok(UserRecord::from_ordered_row(&row))`
			`}`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`pub fn create_tokens(`
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`&self,`
Add method to refresh a request token Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`email: &String,`
			`password: &String,`
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`) -> DatabaseResult<SessionTokens> {`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`if self.validate_login(&email, password)? {`
			`let mut connection = self.database_connection.lock().unwrap();`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let row = connection.query_one("SELECT id FROM users WHERE email = $1", &[&email])?;`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let id: i32 = row.get(0);`

Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let tokens = SessionTokens::new(id);`
			`tokens.store(&mut self.token_store.lock().unwrap())?;`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Ok(tokens)`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`} else {`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Err(DBError::GenericError("Invalid password".to_string()))`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
			`}`

Add method to refresh a request token Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`pub fn validate_request_token(&self, token: &String) -> DatabaseResult<(bool, i32)> {`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let store = self.token_store.lock().unwrap();`
			`let entry = store.get_request_token(&token);`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`if let Some(entry) = entry {`
			`Ok((true, entry.request_ttl()))`
			`} else {`
			`Ok((false, -1))`
			`}`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`

Add method to refresh a request token Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`pub fn validate_refresh_token(&self, token: &String) -> DatabaseResult<(bool, i32)> {`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let store = self.token_store.lock().unwrap();`
			`let entry = store.get_refresh_token(&token);`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`if let Some(entry) = entry {`
			`Ok((true, entry.refresh_ttl()))`
			`} else {`
			`Ok((false, -1))`
			`}`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`

Add method to refresh a request token Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`pub fn refresh_tokens(&self, refresh_token: &String) -> DatabaseResult<SessionTokens> {`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let mut token_store = self.token_store.lock().unwrap();`
			`let tokens = token_store.get_refresh_token(refresh_token);`
			`if let Some(mut tokens) = tokens.and_then(\|t\| SessionTokens::from_entry(t)) {`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`tokens.refresh();`
Remove redis dependencies Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`tokens.store(&mut token_store)?;`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`Ok(tokens)`
			`} else {`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Err(DBError::GenericError("Invalid refresh token!".to_string()))`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
			`}`

Add method to refresh a request token Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`fn validate_login(&self, email: &String, password: &String) -> DatabaseResult<bool> {`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let mut connection = self.database_connection.lock().unwrap();`
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let row = connection`
			`.query_opt(`
			`"SELECT password_hash, salt FROM users WHERE email = $1",`
			`&[&email],`
			`)?`
			`.ok_or(DBError::GenericError(format!(`
			`"No user with the email '{}' found",`
			`&email`
			`)))?;`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let original_pw_hash: Zeroizing<Vec<u8>> = Zeroizing::new(row.get(0));`
			`let salt: Zeroizing<Vec<u8>> = Zeroizing::new(row.get(1));`
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let pw_hash =`
			`hash_password(password.as_bytes(), &*salt).map_err(\|e\| DBError::GenericError(e))?;`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Add login route Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Ok(pw_hash == *original_pw_hash.as_slice())`
Add token functions (create, refresh, validate) Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`