Merge pull request #80 from TheShieldAuth/develop

update user api added and few enhancements

entity/src/middlewares/realm.rs

@@ -1,17 +1,37 @@
-use crate::{models::realm::ActiveModel, utils::check_locked_at_constraint};
+use crate::{
+    client,
+    models::{client::Entity as Client, realm::ActiveModel},
+    utils::check_locked_at_constraint,
+};
 use async_trait::async_trait;
-use sea_orm::{entity::prelude::*, ActiveValue};
+use sea_orm::{
+    entity::prelude::*,
+    sqlx::types::chrono::{DateTime, FixedOffset},
+    ActiveValue, EntityTrait, QueryFilter,
+};
 use slug::slugify;
 
 #[async_trait]
 impl ActiveModelBehavior for ActiveModel {
-    /// Will be triggered before insert / update
-    async fn before_save<C>(mut self, _db: &C, _insert: bool) -> Result<Self, DbErr>
+    async fn before_save<C>(mut self, db: &C, insert: bool) -> Result<Self, DbErr>
     where
         C: ConnectionTrait,
     {
         if let ActiveValue::Set(ref locked_at) = self.locked_at {
-            check_locked_at_constraint(locked_at)?
+            check_locked_at_constraint(locked_at)?;
+            if !insert {
+                if let ActiveValue::Set(realm_id) = self.id {
+                    update_clients_lock_status(db, realm_id, locked_at).await?;
+                }
+            }
+        }
+
+        if let ActiveValue::Set(is_account_activation_required) = self.is_account_activation_required {
+            if !insert {
+                if let ActiveValue::Set(realm_id) = self.id {
+                    update_clients_is_account_activation_required_status(db, realm_id, is_account_activation_required).await?;
+                }
+            }
         }
 
         if let ActiveValue::Set(ref name) = self.name {
@@ -22,3 +42,40 @@ impl ActiveModelBehavior for ActiveModel {
         Ok(self)
     }
 }
+
+async fn update_clients_lock_status<C>(db: &C, realm_id: Uuid, locked_at: &Option<DateTime<FixedOffset>>) -> Result<(), DbErr>
+where
+    C: ConnectionTrait,
+{
+    if locked_at.is_some() {
+        Client::update_many()
+            .filter(client::Column::RealmId.eq(realm_id))
+            .filter(client::Column::LockedAt.is_null())
+            .set(client::ActiveModel {
+                locked_at: ActiveValue::Set(*locked_at),
+                ..Default::default()
+            })
+            .exec(db)
+            .await?;
+    }
+    Ok(())
+}
+
+async fn update_clients_is_account_activation_required_status<C>(db: &C, realm_id: Uuid, is_account_activation_required: bool) -> Result<(), DbErr>
+where
+    C: ConnectionTrait,
+{
+    if is_account_activation_required {
+        Client::update_many()
+            .filter(client::Column::RealmId.eq(realm_id))
+            .filter(client::Column::IsAccountActivationRequired.eq(false))
+            .set(client::ActiveModel {
+                is_account_activation_required: ActiveValue::Set(is_account_activation_required),
+                ..Default::default()
+            })
+            .exec(db)
+            .await?;
+    }
+
+    Ok(())
+}

entity/src/models/client.rs

@@ -15,6 +15,7 @@ pub struct Model {
     pub use_refresh_token: bool,
     pub refresh_token_lifetime: i32,
     pub refresh_token_reuse_limit: i32,
+    pub is_account_activation_required: bool,
     pub locked_at: Option<DateTimeWithTimeZone>,
     pub realm_id: Uuid,
     pub created_at: DateTimeWithTimeZone,

entity/src/models/realm.rs

@@ -17,6 +17,7 @@ pub struct Model {
     pub use_refresh_token: bool,
     pub refresh_token_lifetime: i32,
     pub refresh_token_reuse_limit: i32,
+    pub is_account_activation_required: bool,
     pub locked_at: Option<DateTimeWithTimeZone>,
     pub created_at: DateTimeWithTimeZone,
     pub updated_at: DateTimeWithTimeZone,

entity/src/models/user.rs

@@ -17,6 +17,7 @@ pub struct Model {
     pub two_factor_enabled_at: Option<DateTimeWithTimeZone>,
     pub password_hash: Option<String>,
     pub is_temp_password: bool,
+    pub is_account_activated: bool,
     pub locked_at: Option<DateTimeWithTimeZone>,
     pub realm_id: Uuid,
     pub created_at: DateTimeWithTimeZone,

migration/src/lib.rs

@@ -1,30 +1,30 @@
 pub use sea_orm_migration::prelude::*;
 
-mod m20220101_000001_create_realm_table;
-mod m20220101_000002_create_client_table;
-mod m20220101_000003_create_user_table;
-mod m20220101_000004_create_resource_group_table;
-mod m20220101_000005_create_resource_table;
-mod m20220101_000006_create_refresh_token_table;
-mod m20220101_000007_create_api_user_table;
-mod m20220101_000008_create_session_table;
-mod m20220101_000009_create_verification_table;
+mod m20250101_000001_create_realm_table;
+mod m20250101_000002_create_client_table;
+mod m20250101_000003_create_user_table;
+mod m20250101_000004_create_resource_group_table;
+mod m20250101_000005_create_resource_table;
+mod m20250101_000006_create_refresh_token_table;
+mod m20250101_000007_create_api_user_table;
+mod m20250101_000008_create_session_table;
+mod m20250101_000009_create_verification_table;
 
 pub struct Migrator;
 
 #[async_trait::async_trait]
 impl MigratorTrait for Migrator {
     fn migrations() -> Vec<Box<dyn MigrationTrait>> {
         vec![
-            Box::new(m20220101_000001_create_realm_table::Migration),
-            Box::new(m20220101_000002_create_client_table::Migration),
-            Box::new(m20220101_000003_create_user_table::Migration),
-            Box::new(m20220101_000004_create_resource_group_table::Migration),
-            Box::new(m20220101_000005_create_resource_table::Migration),
-            Box::new(m20220101_000006_create_refresh_token_table::Migration),
-            Box::new(m20220101_000007_create_api_user_table::Migration),
-            Box::new(m20220101_000008_create_session_table::Migration),
-            Box::new(m20220101_000009_create_verification_table::Migration),
+            Box::new(m20250101_000001_create_realm_table::Migration),
+            Box::new(m20250101_000002_create_client_table::Migration),
+            Box::new(m20250101_000003_create_user_table::Migration),
+            Box::new(m20250101_000004_create_resource_group_table::Migration),
+            Box::new(m20250101_000005_create_resource_table::Migration),
+            Box::new(m20250101_000006_create_refresh_token_table::Migration),
+            Box::new(m20250101_000007_create_api_user_table::Migration),
+            Box::new(m20250101_000008_create_session_table::Migration),
+            Box::new(m20250101_000009_create_verification_table::Migration),
         ]
     }
 }

migration/src/m20220101_000001_create_realm_table.rs → migration/src/m20250101_000001_create_realm_table.rs

@@ -20,6 +20,7 @@ impl MigrationTrait for Migration {
                     .col(ColumnDef::new(Realm::UseRefreshToken).boolean().not_null().default(true))
                     .col(ColumnDef::new(Realm::RefreshTokenLifetime).integer().not_null().default(3600))
                     .col(ColumnDef::new(Realm::RefreshTokenReuseLimit).integer().not_null().default(0))
+                    .col(ColumnDef::new(Realm::IsAccountActivationRequired).boolean().not_null().default(false))
                     .col(ColumnDef::new(Realm::LockedAt).timestamp_with_time_zone())
                     .col(
                         ColumnDef::new(Realm::CreatedAt)
@@ -54,6 +55,7 @@ pub enum Realm {
     UseRefreshToken,
     RefreshTokenLifetime,
     RefreshTokenReuseLimit,
+    IsAccountActivationRequired,
     LockedAt,
     CreatedAt,
     UpdatedAt,

migration/src/m20220101_000002_create_client_table.rs → migration/src/m20250101_000002_create_client_table.rs

@@ -1,4 +1,4 @@
-use super::m20220101_000001_create_realm_table::Realm;
+use super::m20250101_000001_create_realm_table::Realm;
 use sea_orm::sqlx::types::chrono;
 use sea_orm_migration::prelude::*;
 
@@ -21,6 +21,7 @@ impl MigrationTrait for Migration {
                     .col(ColumnDef::new(Client::UseRefreshToken).boolean().not_null().default(true))
                     .col(ColumnDef::new(Client::RefreshTokenLifetime).integer().not_null().default(3600))
                     .col(ColumnDef::new(Client::RefreshTokenReuseLimit).integer().not_null().default(0))
+                    .col(ColumnDef::new(Client::IsAccountActivationRequired).boolean().not_null().default(false))
                     .col(ColumnDef::new(Client::LockedAt).timestamp_with_time_zone())
                     .col(ColumnDef::new(Client::RealmId).uuid().not_null())
                     .foreign_key(
@@ -64,6 +65,7 @@ pub enum Client {
     UseRefreshToken,
     RefreshTokenLifetime,
     RefreshTokenReuseLimit,
+    IsAccountActivationRequired,
     LockedAt,
     RealmId,
     CreatedAt,

migration/src/m20220101_000003_create_user_table.rs → migration/src/m20250101_000003_create_user_table.rs

@@ -1,4 +1,4 @@
-use super::m20220101_000001_create_realm_table::Realm;
+use super::m20250101_000001_create_realm_table::Realm;
 use sea_orm::sqlx::types::chrono;
 use sea_orm_migration::prelude::*;
 
@@ -23,6 +23,7 @@ impl MigrationTrait for Migration {
                     .col(ColumnDef::new(User::TwoFactorEnabledAt).timestamp_with_time_zone())
                     .col(ColumnDef::new(User::PasswordHash).string())
                     .col(ColumnDef::new(User::IsTempPassword).boolean().not_null().default(true))
+                    .col(ColumnDef::new(User::IsAccountActivated).boolean().not_null().default(false))
                     .col(ColumnDef::new(User::LockedAt).timestamp_with_time_zone())
                     .col(ColumnDef::new(User::RealmId).uuid().not_null())
                     .foreign_key(
@@ -75,6 +76,7 @@ pub enum User {
     TwoFactorEnabledAt,
     PasswordHash,
     IsTempPassword,
+    IsAccountActivated,
     LockedAt,
     RealmId,
     CreatedAt,

migration/src/m20220101_000004_create_resource_group_table.rs → migration/src/m20250101_000004_create_resource_group_table.rs

@@ -1,6 +1,6 @@
-use super::m20220101_000001_create_realm_table::Realm;
-use super::m20220101_000002_create_client_table::Client;
-use super::m20220101_000003_create_user_table::User;
+use super::m20250101_000001_create_realm_table::Realm;
+use super::m20250101_000002_create_client_table::Client;
+use super::m20250101_000003_create_user_table::User;
 use sea_orm::sqlx::types::chrono;
 use sea_orm_migration::prelude::*;
 

migration/src/m20220101_000005_create_resource_table.rs → migration/src/m20250101_000005_create_resource_table.rs

@@ -1,4 +1,4 @@
-use super::m20220101_000004_create_resource_group_table::ResourceGroup;
+use super::m20250101_000004_create_resource_group_table::ResourceGroup;
 use sea_orm::sqlx::types::chrono;
 use sea_orm_migration::prelude::*;
 

migration/src/m20220101_000006_create_refresh_token_table.rs → migration/src/m20250101_000006_create_refresh_token_table.rs

@@ -1,6 +1,6 @@
-use super::m20220101_000002_create_client_table::Client;
-use super::m20220101_000003_create_user_table::User;
-use crate::m20220101_000001_create_realm_table::Realm;
+use super::m20250101_000002_create_client_table::Client;
+use super::m20250101_000003_create_user_table::User;
+use crate::m20250101_000001_create_realm_table::Realm;
 use sea_orm::sqlx::types::chrono;
 use sea_orm_migration::prelude::*;
 

migration/src/m20220101_000007_create_api_user_table.rs → migration/src/m20250101_000007_create_api_user_table.rs

@@ -1,5 +1,5 @@
-use super::m20220101_000002_create_client_table::Client;
-use crate::m20220101_000001_create_realm_table::Realm;
+use super::m20250101_000002_create_client_table::Client;
+use crate::m20250101_000001_create_realm_table::Realm;
 use sea_orm::sqlx::types::chrono;
 use sea_orm::{ActiveEnum, DbBackend, DeriveActiveEnum, EnumIter, Schema};
 use sea_orm_migration::prelude::*;

migration/src/m20220101_000008_create_session_table.rs → migration/src/m20250101_000008_create_session_table.rs

@@ -1,7 +1,6 @@
-use crate::m20220101_000006_create_refresh_token_table::RefreshToken;
-
-use super::m20220101_000002_create_client_table::Client;
-use super::m20220101_000003_create_user_table::User;
+use crate::m20250101_000002_create_client_table::Client;
+use crate::m20250101_000003_create_user_table::User;
+use crate::m20250101_000006_create_refresh_token_table::RefreshToken;
 use sea_orm::sqlx::types::chrono;
 use sea_orm_migration::prelude::*;
 

migration/src/m20220101_000009_create_verification_table.rs → migration/src/m20250101_000009_create_verification_table.rs

@@ -1,4 +1,4 @@
-use super::m20220101_000003_create_user_table::User;
+use crate::m20250101_000003_create_user_table::User;
 use sea_orm::{ActiveEnum, DbBackend, DeriveActiveEnum, EnumIter, Schema};
 use sea_orm_migration::prelude::*;
 

src/handlers/auth.rs

@@ -61,6 +61,11 @@ pub async fn login(
         return Err(Error::Authenticate(AuthenticateError::MaxConcurrentSessions));
     }
 
+    if client.is_account_activation_required && !user.is_account_activated {
+        debug!("User is not activated");
+        return Err(Error::Authenticate(AuthenticateError::AccountNotActivated));
+    }
+
     let login_response = create_session_and_refresh_token(state, user, client, resource_groups, session_info).await?;
     Ok(Json(login_response))
 }

src/handlers/client/mod.rs

@@ -75,10 +75,12 @@ pub async fn update_client(
     Path((realm_id, client_id)): Path<(Uuid, Uuid)>,
     Json(payload): Json<UpdateClientRequest>,
 ) -> Result<Json<client::Model>, Error> {
+    println!("client update request");
     if !api_user.has_access(ApiUserScope::Client, ApiUserAccess::Update) {
         return Err(Error::Authenticate(AuthenticateError::NoResource));
     }
 
+    println!("access level");
     let client = update_client_by_id(&state.db, realm_id, client_id, payload).await?;
     Ok(Json(client))
 }