MyFavMirrors/moonfire-nvr
1
0
Fork 0
mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

user admin api improvements

Browse Source
This commit is contained in:
Scott Lamb
2023-01-08 03:14:03 -06:00
parent 5248ebc51f
commit 8c4e69f772
6 changed files with 87 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
server/db/auth.rs
View File

@@ -478,7 +478,11 @@ impl State {
.context(ErrorKind::Unknown)?;
}
let u = e.into_mut();
u.username = change.username;
if u.username != change.username {
self.users_by_name.remove(&u.username);
self.users_by_name.insert(change.username.clone(), u.id);
u.username = change.username;
}
if let Some(h) = change.set_password_hash {
u.password_hash = h;
u.password_id += 1;
@@ -543,7 +547,9 @@ impl State {
}
tx.commit().context(ErrorKind::Unknown)?;
let name = self.users_by_id.remove(&id).unwrap().username;
self.users_by_name.remove(&name).unwrap();
self.users_by_name
.remove(&name)
.expect("users_by_name should be consistent with users_by_id");
self.sessions.retain(|_k, ref mut v| v.user_id != id);
Ok(())
}
@@ -1147,6 +1153,34 @@ mod tests {
);
}
#[test]
fn change() {
testutil::init();
let mut conn = Connection::open_in_memory().unwrap();
db::init(&mut conn).unwrap();
let mut state = State::init(&conn).unwrap();
let req = Request {
when_sec: Some(42),
addr: Some(::std::net::IpAddr::V4(::std::net::Ipv4Addr::new(
127, 0, 0, 1,
))),
user_agent: Some(b"some ua".to_vec()),
};
let uid = {
let mut c = UserChange::add_user("slamb".to_owned());
c.set_password("hunter2".to_owned());
state.apply(&conn, c).unwrap().id
};
let user = state.users_by_id().get(&uid).unwrap();
let mut c = user.change();
c.username = "foo".to_owned();
state.apply(&conn, c).unwrap();
assert!(state.users_by_name.get("slamb").is_none());
assert!(state.users_by_name.get("foo").is_some());
}
#[test]
fn delete() {
testutil::init();

19
server/src/json.rs
View File

@@ -564,6 +564,17 @@ pub struct UserSubset<'a> {
pub permissions: Option<Permissions>,
}
impl<'a> From<&'a db::User> for UserSubset<'a> {
fn from(u: &'a db::User) -> Self {
Self {
username: Some(&u.username),
preferences: Some(u.config.preferences.clone()),
password: Some(u.has_password().then_some("(censored)")),
permissions: Some(u.permissions.clone().into()),
}
}
}
// Any value that is present is considered Some value, including null.
// https://github.com/serde-rs/serde/issues/984#issuecomment-314143738
fn deserialize_some<'de, T, D>(deserializer: D) -> Result<Option<T>, D::Error>
@@ -617,14 +628,14 @@ impl From<db::schema::Permissions> for Permissions {
/// Response to `GET /api/users/`.
#[derive(Serialize)]
pub struct GetUsersResponse {
pub users: Vec<UserSummary>,
pub struct GetUsersResponse<'a> {
pub users: Vec<UserWithId<'a>>,
}
#[derive(Serialize)]
pub struct UserSummary {
pub struct UserWithId<'a> {
pub id: i32,
pub username: String,
pub user: UserSubset<'a>,
}
/// Response to `PUT /api/users/`.

41
server/src/web/users.rs
View File

@@ -7,7 +7,7 @@
use base::{bail_t, format_err_t};
use http::{Method, Request, StatusCode};
use crate::json::{self, PutUsersResponse, UserSubset, UserSummary};
use crate::json::{self, PutUsersResponse, UserSubset, UserWithId};
use super::{
bad_req, extract_json_body, plain_response, require_csrf_if_session, serve_json, Caller,
@@ -18,10 +18,12 @@ impl Service {
pub(super) async fn users(&self, req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
match *req.method() {
Method::GET | Method::HEAD => self.get_users(req, caller).await,
Method::PUT => self.put_users(req, caller).await,
_ => Err(
plain_response(StatusCode::METHOD_NOT_ALLOWED, "GET, HEAD, or PUT expected").into(),
),
Method::POST => self.post_users(req, caller).await,
_ => Err(plain_response(
StatusCode::METHOD_NOT_ALLOWED,
"GET, HEAD, or POST expected",
)
.into()),
}
}
@@ -29,20 +31,19 @@ impl Service {
if !caller.permissions.admin_users {
bail_t!(Unauthenticated, "must have admin_users permission");
}
let users = self
.db
.lock()
let l = self.db.lock();
let users = l
.users_by_id()
.iter()
.map(|(&id, user)| UserSummary {
.map(|(&id, user)| UserWithId {
id,
username: user.username.clone(),
user: UserSubset::from(user),
})
.collect();
serve_json(&req, &json::GetUsersResponse { users })
}
async fn put_users(&self, mut req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
async fn post_users(&self, mut req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
if !caller.permissions.admin_users {
bail_t!(Unauthenticated, "must have admin_users permission");
}
@@ -82,10 +83,10 @@ impl Service {
match *req.method() {
Method::GET | Method::HEAD => self.get_user(req, caller, id).await,
Method::DELETE => self.delete_user(req, caller, id).await,
Method::POST => self.post_user(req, caller, id).await,
Method::PATCH => self.patch_user(req, caller, id).await,
_ => Err(plain_response(
StatusCode::METHOD_NOT_ALLOWED,
"GET, HEAD, DELETE, or POST expected",
"GET, HEAD, DELETE, or PATCH expected",
)
.into()),
}
@@ -98,17 +99,7 @@ impl Service {
.users_by_id()
.get(&id)
.ok_or_else(|| format_err_t!(NotFound, "can't find requested user"))?;
let out = UserSubset {
username: Some(&user.username),
preferences: Some(user.config.preferences.clone()),
password: Some(if user.has_password() {
Some("(censored)")
} else {
None
}),
permissions: Some(user.permissions.clone().into()),
};
serve_json(&req, &out)
serve_json(&req, &UserSubset::from(user))
}
async fn delete_user(
@@ -128,7 +119,7 @@ impl Service {
Ok(plain_response(StatusCode::NO_CONTENT, &b""[..]))
}
async fn post_user(
async fn patch_user(
&self,
mut req: Request<hyper::Body>,
caller: Caller,