From 19ae80f8746281e99dfeb65f7cf135eae3ae7386 Mon Sep 17 00:00:00 2001
From: alemi
Date: Fri, 28 Jun 2024 05:13:02 +0200
Subject: [PATCH] feat: add user approval after registration

basically credentials are disabled until approved by admin
---
 upub/cli/src/faker.rs | 1 +
 upub/core/src/config.rs | 3 ++
 upub/core/src/model/credential.rs | 1 +
 upub/core/src/traits/admin.rs | 1 +
 upub/migrations/src/lib.rs | 2 +
 ...524_000003_create_users_auth_and_config.rs | 1 +
 ...240628_000002_add_credentials_activated.rs | 38 +++++++++++++++++++
 upub/routes/src/activitypub/auth.rs | 1 +
 8 files changed, 48 insertions(+)
 create mode 100644 upub/migrations/src/m20240628_000002_add_credentials_activated.rs

diff --git a/upub/cli/src/faker.rs b/upub/cli/src/faker.rs
index bffbe4e4..ad8674b7 100644
--- a/upub/cli/src/faker.rs
+++ b/upub/cli/src/faker.rs
@@ -51,6 +51,7 @@ pub async fn faker(ctx: upub::Context, count: i64) -> Result<(), sea_orm::DbErr>
 actor: Set(test_user.id.clone()),
 login: Set("mail@example.net".to_string()),
 password: Set(sha256::digest("very-strong-password")),
+ active: Set(true),
 }).exec(db).await?;
 
 let context = uuid::Uuid::new_v4().to_string();
diff --git a/upub/core/src/config.rs b/upub/core/src/config.rs
index 640c49e8..5e4800bc 100644
--- a/upub/core/src/config.rs
+++ b/upub/core/src/config.rs
@@ -65,6 +65,9 @@ pub struct SecurityConfig {
 #[serde(default)]
 pub allow_registration: bool,
 
+ #[serde(default)] // TODO i don't like the name of this
+ pub require_user_approval: bool,
+
 #[serde(default)]
 pub allow_public_debugger: bool,
 
diff --git a/upub/core/src/model/credential.rs b/upub/core/src/model/credential.rs
index be2d2c69..f650c1b2 100644
--- a/upub/core/src/model/credential.rs
+++ b/upub/core/src/model/credential.rs
@@ -9,6 +9,7 @@ pub struct Model {
 pub actor: String,
 pub login: String,
 pub password: String,
+ pub active: bool,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
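Review bot: `require_user_approval` in `SecurityConfig` (upub/core/src/config.rs) is added with only a TODO about its name and no doc comment, so an operator reading the config cannot tell what it gates. Suggest `/// when true, newly registered credentials start inactive and cannot log in until an admin activates them` above its `#[serde(default)]` line. Because of `#[serde(default)]` the flag is `false` when omitted, so registrations are usable immediately unless the operator opts in; state that in the same comment if it is the intended default. The struct continues outside the hunk.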
diff --git a/upub/core/src/traits/admin.rs b/upub/core/src/traits/admin.rs
index 3a6d47d6..ef3596ca 100644
--- a/upub/core/src/traits/admin.rs
+++ b/upub/core/src/traits/admin.rs
@@ -75,6 +75,7 @@ impl Administrable for crate::Context {
 actor: Set(ap_id),
 login: Set(username),
 password: Set(sha256::digest(password)),
+ active: Set(!self.cfg().security.require_user_approval),
 };
 
 crate::model::credential::Entity::insert(credentials_model)
diff --git a/upub/migrations/src/lib.rs b/upub/migrations/src/lib.rs
index 40f2ef22..2d4f0a66 100644
--- a/upub/migrations/src/lib.rs
+++ b/upub/migrations/src/lib.rs
@@ -13,6 +13,7 @@ mod m20240609_000001_add_instance_field_to_relations;
 mod m20240623_000001_add_dislikes_table;
 mod m20240626_000001_add_notifications_table;
 mod m20240628_000001_add_followers_following_indexes;
+mod m20240628_000002_add_credentials_activated;
 
 pub struct Migrator;
 
@@ -33,6 +34,7 @@ impl MigratorTrait for Migrator {
 Box::new(m20240623_000001_add_dislikes_table::Migration),
 Box::new(m20240626_000001_add_notifications_table::Migration),
 Box::new(m20240628_000001_add_followers_following_indexes::Migration),
+ Box::new(m20240628_000002_add_credentials_activated::Migration),
 ]
 }
 }
diff --git a/upub/migrations/src/m20240524_000003_create_users_auth_and_config.rs b/upub/migrations/src/m20240524_000003_create_users_auth_and_config.rs
index 0e11c9e3..96e328b6 100644
--- a/upub/migrations/src/m20240524_000003_create_users_auth_and_config.rs
+++ b/upub/migrations/src/m20240524_000003_create_users_auth_and_config.rs
@@ -21,6 +21,7 @@ pub enum Credentials {
 Actor,
 Login,
 Password,
+ Active, // ADDED
 }
 
 #[derive(DeriveIden)]
diff --git a/upub/migrations/src/m20240628_000002_add_credentials_activated.rs b/upub/migrations/src/m20240628_000002_add_credentials_activated.rs
new file mode 100644
index 00000000..112e3fe6
--- /dev/null
+++ b/upub/migrations/src/m20240628_000002_add_credentials_activated.rs
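Review bot: With `require_user_approval` enabled, the added `active: Set(!self.cfg().security.require_user_approval)` in upub/core/src/traits/admin.rs creates every credential inactive, and nothing in this patch ever sets `active` back to true, so approval would have to be done by hand in the database. If this method is also the one an operator uses to create accounts from the CLI (the callers are not visible here), those accounts would be created disabled as well. An approval entry point on the same trait, or at least a comment such as `// inactive until an admin approves: login filters on credential.active`, would make the intended workflow explicit. The enclosing function starts and ends outside the hunk.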
@@ -0,0 +1,38 @@
+use sea_orm_migration::prelude::*;
+
+use crate::m20240524_000003_create_users_auth_and_config::Credentials;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+ async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+
+ manager
+ .alter_table(
+ Table::alter()
+ .table(Credentials::Table)
+ .add_column(ColumnDef::new(Credentials::Active).boolean().not_null().default(false))
+ .to_owned()
+ )
+ .await?;
+
+ Ok(())
+ }
+
+ async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+
+ manager
+ .alter_table(
+ Table::alter()
+ .table(Credentials::Table)
+ .drop_column(Credentials::Active)
+ .to_owned()
+ )
+ .await?;
+
+ Ok(())
+ }
+}
+
diff --git a/upub/routes/src/activitypub/auth.rs b/upub/routes/src/activitypub/auth.rs
index 02c4e07b..a9298b14 100644
--- a/upub/routes/src/activitypub/auth.rs
+++ b/upub/routes/src/activitypub/auth.rs
@@ -35,6 +35,7 @@ pub async fn login(
 .filter(Condition::all()
 .add(upub::model::credential::Column::Login.eq(login.email))
 .add(upub::model::credential::Column::Password.eq(sha256::digest(login.password)))
+ .add(upub::model::credential::Column::Active.eq(true))
 )
 .one(ctx.db())
 .await?
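Review bot: In `up` of m20240628_000002_add_credentials_activated.rs the column is added as `.not_null().default(false)`, so every credential row that already exists becomes inactive, while the login query in upub/routes/src/activitypub/auth.rs now requires `Active.eq(true)`; after migrating, existing users can no longer log in, whatever `require_user_approval` is set to. Keeping the fail-closed default for rows inserted later is sensible, but the migration should mark the rows that exist at migration time as active right after adding the column. The fence shows that extra statement; `exec_stmt` and `Query::update()` are assumed to be reachable through the prelude import already at the top of the file.

```rust
    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
        // … unchanged: alter_table adding Credentials::Active (NOT NULL, default false) …

        // Credentials created before this migration were usable until now;
        // mark them active so the new login filter does not lock them out.
        manager
            .exec_stmt(
                Query::update()
                    .table(Credentials::Table)
                    .value(Credentials::Active, true)
                    .to_owned()
            )
            .await?;

        Ok(())
```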
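Review bot: The added `.add(upub::model::credential::Column::Active.eq(true))` in `login` (upub/routes/src/activitypub/auth.rs) enforces approval only at the moment a password login is attempted; if `active` is ever switched off for an account that already holds a session, that session would presumably keep working unless the session lookup checks the flag too, which is not visible here. As far as the query shows, an unapproved credential yields the same empty result as a wrong password, so a comment such as `// unapproved credentials are indistinguishable from a bad login` would record whether that is intentional. On the unchanged line above, the filter matches `sha256::digest(login.password)`, i.e. an unsalted single-pass SHA-256; that predates this commit but deserves a follow-up move to a salted password-hashing function. `login` starts and ends outside the hunk.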