phil/ezidam
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

admin/security: show flash, confirm action with modal

Browse source
This commit is contained in:
Philippe Loctaux 2023-04-07 17:46:39 +02:00
parent 19840b31e6
commit 11e2894621
2 changed files with 137 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

147
crates/ezidam/src/routes/admin/settings.rs
View file

@ -72,10 +72,15 @@ pub async fn settings_update_branding(
}
#[get("/admin/settings/security")]
pub async fn settings_security(admin: JwtAdmin) -> Result<Page> {
Ok(Page::AdminSettingsSecurity(
super::content::AdminSettingsSecurity { user: admin.0 },
))
pub async fn settings_security(
admin: JwtAdmin,
flash: Option<FlashMessage<'_>>,
) -> Result<Template> {
let page = Page::AdminSettingsSecurity(super::content::AdminSettingsSecurity { user: admin.0 });
Ok(flash
.map(|flash| Page::with_flash(page.clone(), flash))
.unwrap_or_else(|| page.into()))
}
#[derive(Debug, FromForm)]
@ -90,81 +95,93 @@ pub async fn settings_security_form(
form: Form<SecurityForm>,
ip_address: IpAddr,
cookie_jar: &CookieJar<'_>,
) -> Result<Redirect> {
) -> Result<Flash<Redirect>> {
let mut transaction = db.begin().await?;
if let Some(logout_everyone) = form.logout_everyone {
if logout_everyone {
// Generate key id
let key_id = task::spawn_blocking(id::KeyID::default).await?;
let (flash_kind, flash_message) = match form.logout_everyone {
Some(logout_everyone) => {
if logout_everyone {
// Generate key id
let key_id = task::spawn_blocking(id::KeyID::default).await?;
// Generate key
let key_id_for_generation = key_id.clone();
let (private_key, public_key) =
task::spawn_blocking(move || jwt::generate(&key_id_for_generation)).await??;
// Generate key
let key_id_for_generation = key_id.clone();
let (private_key, public_key) =
task::spawn_blocking(move || jwt::generate(&key_id_for_generation)).await??;
// Insert keys in database
jwt::database::save_new_keys(&mut transaction, &key_id, &private_key, &public_key)
.await?;
// Insert keys in database
jwt::database::save_new_keys(&mut transaction, &key_id, &private_key, &public_key)
.await?;
// Revoke all keys except new one
jwt::database::revoke_all_except_one(&mut transaction, &key_id).await?;
// Revoke all keys except new one
jwt::database::revoke_all_except_one(&mut transaction, &key_id).await?;
// Get app
let app = App::get_one_by_id(&mut transaction, "ezidam")
.await?
.ok_or_else(|| Error::not_found("Could not find application"))?;
// Get app
let app = App::get_one_by_id(&mut transaction, "ezidam")
.await?
.ok_or_else(|| Error::not_found("Could not find application"))?;
// Get user info
let user = User::get_by_login(&mut transaction, &admin.0.subject)
.await?
.ok_or_else(|| Error::not_found("Could not find user"))?;
// Get user info
let user = User::get_by_login(&mut transaction, &admin.0.subject)
.await?
.ok_or_else(|| Error::not_found("Could not find user"))?;
// Revoke all refresh tokens
RefreshToken::revoke_all(&mut transaction).await?;
// Revoke all refresh tokens
RefreshToken::revoke_all(&mut transaction).await?;
// Generate refresh token
let refresh_token =
generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
.await
.map_err(Error::internal_server_error)?;
// Generate refresh token
let refresh_token =
generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
.await
.map_err(Error::internal_server_error)?;
// Add refresh token as a cookie
let mut cookie = Cookie::new(REFRESH_TOKEN_COOKIE_NAME, refresh_token);
cookie.set_secure(true);
cookie.set_http_only(true);
cookie.set_same_site(SameSite::Strict);
cookie.set_max_age(Duration::days(REFRESH_TOKEN_DURATION_DAYS));
cookie_jar.add(cookie);
// Add refresh token as a cookie
let mut cookie = Cookie::new(REFRESH_TOKEN_COOKIE_NAME, refresh_token);
cookie.set_secure(true);
cookie.set_http_only(true);
cookie.set_same_site(SameSite::Strict);
cookie.set_max_age(Duration::days(REFRESH_TOKEN_DURATION_DAYS));
cookie_jar.add(cookie);
// Get base url
let settings = Settings::get(&mut transaction).await?;
let home_page = settings
.url()
.map(String::from)
.ok_or_else(|| Error::bad_request("Server url is not set"))?;
// Get base url
let settings = Settings::get(&mut transaction).await?;
let home_page = settings
.url()
.map(String::from)
.ok_or_else(|| Error::bad_request("Server url is not set"))?;
// Generate jwt
let jwt = generate_jwt(
&mut transaction,
&private_key,
&home_page,
&app.id().0,
&user,
)
.await
.map_err(Error::internal_server_error)?;
// Generate jwt
let jwt = generate_jwt(
&mut transaction,
&private_key,
&home_page,
&app.id().0,
&user,
)
.await
.map_err(Error::internal_server_error)?;
// Add jwt as a cookie
let mut cookie = Cookie::new(JWT_COOKIE_NAME, jwt);
cookie.set_secure(true);
cookie.set_http_only(true);
cookie.set_same_site(SameSite::Strict);
cookie.set_max_age(Duration::minutes(JWT_DURATION_MINUTES));
cookie_jar.add(cookie);
// Add jwt as a cookie
let mut cookie = Cookie::new(JWT_COOKIE_NAME, jwt);
cookie.set_secure(true);
cookie.set_http_only(true);
cookie.set_same_site(SameSite::Strict);
cookie.set_max_age(Duration::minutes(JWT_DURATION_MINUTES));
cookie_jar.add(cookie);
(FlashKind::Success, "Everyone has been logged out.")
} else {
(FlashKind::Warning, "Nothing to do.")
}
}
}
None => (FlashKind::Warning, "Nothing to do."),
};
transaction.commit().await?;
Ok(Redirect::to(uri!(settings_security)))
Ok(Flash::new(
Redirect::to(uri!(settings_security)),
flash_kind,
flash_message,
))
}

61
crates/ezidam/templates/pages/admin/settings/security.html.tera
View file

@ -16,6 +16,13 @@
<!-- Page body -->
<div class="page-body">
<div class="container-xl">
{% if flash %}
<div class="alert alert-{{flash.0}}" role="alert">
<h4 class="alert-title">{{ flash.1 | safe }}</h4>
</div>
{% endif %}
<div class="card">
<div class="row g-0">
<div class="col-3 d-none d-md-block border-end">
@ -39,15 +46,13 @@
</p>
<p>This might take some time, but should not be long.</p>
<div class="row align-items-center">
<div class="row align-items-center mb-4">
<!-- Logout everyone -->
<div class="col-auto">
<form action="" method="post">
<button class="btn btn-danger" type="submit" name="logout_everyone" value="true">
Logout everyone
</button>
</form>
<a class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#modal-logout-confirm">
Logout everyone
</a>
</div>
</div>
@ -57,4 +62,48 @@
</div>
</div>
</div>
<!-- Logout everyone modal -->
<div class="modal modal-blur" tabindex="-1" id="modal-logout-confirm">
<div class="modal-dialog modal-sm modal-dialog-centered" role="document">
<div class="modal-content">
<div class="modal-status bg-danger"></div>
<div class="modal-body text-center py-4">
<div class="text-danger mb-2">
{% include "icons/alert-triangle-large" %}
</div>
<h3>Do you want to log out everyone?</h3>
<div class="mt-2">All users will be logged out.</div>
<div class="mt-2">This might take some time, but should not be long.</div>
</div>
<div class="modal-footer">
<div class="w-100">
<div class="row">
<div class="col">
<a href="#" class="btn w-100" data-bs-dismiss="modal">Cancel</a>
</div>
<div class="col">
<form action="" method="post">
<button type="submit" name="logout_everyone" value="true" class="btn btn-danger w-100">
Logout everyone
</button>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock content %}