#610 Store password reset requests in database

Merged
rfwatson merged 4 commits from feature/persist_password_reset into master 1 year ago
rfwatson commented 1 year ago (Migrated from github.com)

Had a go at closing #600.

New to lots of stuff here (Rust, Diesel, Rocket, Plume...) so all feedback appreciated.

TODO

Had a go at closing #600. New to lots of stuff here (Rust, Diesel, Rocket, Plume...) so all feedback appreciated. ## TODO * [x] SQLite migrations * [x] resolve inline TODOs * [ ] integration tests? * [x] fix CI issues
rfwatson (Migrated from github.com) reviewed 1 year ago
@@ -243,4 +223,4 @@
form: Form<NewPasswordForm>,
rockets: PlumeRocket,
) -> Result<Flash<Redirect>, Ructe> {
form.validate()
Plume_migration_agent commented 1 year ago

The logic to detect an expired token is private to the model now. Not sure how important having a specific error is. We could maybe return a custom Diesel error?

The logic to detect an expired token is private to the model now. Not sure how important having a specific error is. We could maybe return a custom Diesel error?
rfwatson (Migrated from github.com) reviewed 1 year ago
Plume_migration_agent commented 1 year ago

It would be good to test that old password reset requests are ignored.

The simplest way I can think of would be to insert a record, and then update its creation_date with some raw SQL in the test. It feels pretty dirty though. Better ideas appreciated.

It would be good to test that old password reset requests are [ignored](https://github.com/Plume-org/Plume/pull/610/files#diff-a248869f1983a92462c39c8b2ea8a66eR44). The simplest way I can think of would be to insert a record, and then update its `creation_date` with some raw SQL in the test. It feels pretty dirty though. Better ideas appreciated.
elegaanz (Migrated from github.com) reviewed 1 year ago
elegaanz (Migrated from github.com) left a comment

What you did so far looks great! Thank you for helping with that.

Plume_migration_agent commented 1 year ago

thread::sleep(2 * 60 * 60 * 1000)

More seriously, I think you can pass tuples to diesel::insert_into(...).values(), like:

diesel::insert_into(password_reset_requests::table)
    .values((
        password_reset_requests::email.eq("foo@bar.org"),
        password_reset_requests::token.eq("aaaaaaaaa"),
        password_reset_requests::creation_date.eq(now - 3.hours()),
    ))

You can probably use it instead of PasswordResetRequest::insert in this test.

~~`thread::sleep(2 * 60 * 60 * 1000)`~~ More seriously, I think you can pass tuples to `diesel::insert_into(...).values()`, like: ```rust diesel::insert_into(password_reset_requests::table) .values(( password_reset_requests::email.eq("foo@bar.org"), password_reset_requests::token.eq("aaaaaaaaa"), password_reset_requests::creation_date.eq(now - 3.hours()), )) ``` You can probably use it instead of `PasswordResetRequest::insert` in this test.
@@ -243,4 +223,4 @@
form: Form<NewPasswordForm>,
rockets: PlumeRocket,
) -> Result<Flash<Redirect>, Ructe> {
form.validate()
Plume_migration_agent commented 1 year ago

Maybe, instead of mapping the error to to_validation, you could have a closure that returns the specific error that was previously returned?

Maybe, instead of mapping the error to `to_validation`, you could have a closure that returns the specific error that was previously returned?
codecov[bot] commented 1 year ago (Migrated from github.com)
Owner

Codecov Report

No coverage uploaded for pull request base (master@b2312d7). Click here to learn what that means.
The diff coverage is 66.94%.

@@            Coverage Diff            @@
##             master     #610   +/-   ##
=========================================
  Coverage          ?   35.31%           
=========================================
  Files             ?       68           
  Lines             ?     7907           
  Branches          ?     1893           
=========================================
  Hits              ?     2792           
  Misses            ?     4345           
  Partials          ?      770
# [Codecov](https://codecov.io/gh/Plume-org/Plume/pull/610?src=pr&el=h1) Report > :exclamation: No coverage uploaded for pull request base (`master@b2312d7`). [Click here to learn what that means](https://docs.codecov.io/docs/error-reference#section-missing-base-commit). > The diff coverage is `66.94%`. ```diff @@ Coverage Diff @@ ## master #610 +/- ## ========================================= Coverage ? 35.31% ========================================= Files ? 68 Lines ? 7907 Branches ? 1893 ========================================= Hits ? 2792 Misses ? 4345 Partials ? 770 ```
rfwatson (Migrated from github.com) reviewed 1 year ago
@@ -243,4 +223,4 @@
form: Form<NewPasswordForm>,
rockets: PlumeRocket,
) -> Result<Flash<Redirect>, Ructe> {
form.validate()
Plume_migration_agent commented 1 year ago

I ended up adding a new Expired error variant - it felt generic enough to be useful elsewhere in the app too. Happy to iterate on this more if it doesn’t feel like a good approach though.

I ended up adding a new `Expired` error variant - it felt generic enough to be useful elsewhere in the app too. Happy to iterate on this more if it doesn't feel like a good approach though.
rfwatson commented 1 year ago (Migrated from github.com)
Owner

Pretty happy with this now. Still a couple of CI failures but they look random to me

Pretty happy with this now. Still a couple of CI failures but they look random to me
elegaanz commented 1 year ago (Migrated from github.com)
Owner

Yes the CI fails sometimes because it doesn’t have enough memory to build…

Yes the CI fails sometimes because it doesn't have enough memory to build…
elegaanz (Migrated from github.com) approved these changes 1 year ago
elegaanz (Migrated from github.com) left a comment

Everything seems to work fine. Thank you! 😊

Reviewers

Plume_migration_agent approved these changes 1 year ago
The pull request has been merged as 4b205fa995.
Sign in to join this conversation.
No Milestone
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Loading…
There is no content yet.