From 0baeeadce97f75b83f40d626cf7f5c1757f728c4 Mon Sep 17 00:00:00 2001
From: Philippe Loctaux
Date: Mon, 1 May 2023 22:18:50 +0200
Subject: [PATCH] redirect: when logging in to ezidam, if user has expired password reset token, delete it
---
 crates/ezidam/src/routes/oauth/authorize.rs | 4 +++-
 crates/ezidam/src/routes/oauth/redirect.rs | 12 ++++++++++++
 crates/users/src/lib.rs | 7 +++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/crates/ezidam/src/routes/oauth/authorize.rs b/crates/ezidam/src/routes/oauth/authorize.rs
index b656dca..c9df67c 100644
--- a/crates/ezidam/src/routes/oauth/authorize.rs
+++ b/crates/ezidam/src/routes/oauth/authorize.rs
@@ -208,9 +208,11 @@ pub async fn authorize_form(
 // Generate authorization code
 let code = task::spawn_blocking(|| SecretString::new(AUTHORIZATION_CODE_LEN)).await?;
- // Save authorization code
 let mut transaction = db.begin().await?;
+
+ // Save authorization code
 AuthorizationCode::insert(&mut transaction, code.as_ref(), app.id(), &user_id).await?;
+
 transaction.commit().await?;
 // Redirect to oauth redirect uri
diff --git a/crates/ezidam/src/routes/oauth/redirect.rs b/crates/ezidam/src/routes/oauth/redirect.rs
index 68291d8..9abfc46 100644
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@@ -123,6 +123,18 @@ pub async fn redirect_page(
 cookie_jar.add(cookie);
 }
+ // If user has unused password reset token
+ if let Some(password_recover) = user
+ .password_recover()
+ .map_err(|e| Error::internal_server_error(format!("Password recover: {e}")))?
+ {
+ // If it has expired, delete it
+ if password_recover.has_expired() {
+ user.set_password_reset_token(&mut transaction, None)
+ .await?;
+ }
+ }
+
 transaction.commit().await?;
 // HTTP Response
diff --git a/crates/users/src/lib.rs b/crates/users/src/lib.rs
index e839559..cca2b81 100644
--- a/crates/users/src/lib.rs
+++ b/crates/users/src/lib.rs
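Review bot: In the redirect.rs hunk, the `?` after `user.password_recover().map_err(...)` makes a stored reset token that cannot be read (presumably a parse failure; the error type is not visible here) abort the login with an internal server error. Because it returns before `transaction.commit()`, anything written earlier in this transaction would be dropped too. This is a housekeeping step, so an unreadable token is better treated like an expired one and cleared, ideally with the error logged, rather than blocking sign-in for that account. The cleanup only runs on login, so the reset path itself must still reject expired tokens; that code is not part of this diff. redirect_page starts and ends outside the hunk.

```rust
// … unchanged: cookie handling above …
// An unreadable stored token is unusable, so treat it like an expired one
// instead of failing the login.
let stale_reset_token = match user.password_recover() {
    Ok(Some(password_recover)) => password_recover.has_expired(),
    Ok(None) => false,
    Err(_) => true,
};
if stale_reset_token {
    user.set_password_reset_token(&mut transaction, None)
        .await?;
}

transaction.commit().await?;
```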
@@ -8,6 +8,7 @@ use id::UserID; use serde::Serialize; pub use crate::error::Error; +use crate::password_reset::{Error as PasswordResetTokenError, PasswordResetToken}; #[derive(Serialize, Debug, Clone)] pub struct User { @@ -64,4 +65,10 @@ impl User { pub fn totp_backup_hashed(&self) -> Option<&str> { self.totp_backup.as_deref() } + pub fn password_recover(&self) -> Result