aboutsummaryrefslogtreecommitdiff
path: root/backend/src/db
diff options
context:
space:
mode:
authorIlion Beyst <ilion.beyst@gmail.com>2021-12-15 22:40:55 +0100
committerIlion Beyst <ilion.beyst@gmail.com>2021-12-15 22:40:55 +0100
commit6aa72b3c8717f32e62c772aeed327d3cd9a6fa65 (patch)
treee6ac67e68c410aed1f0baa2857aeaf60d73448bd /backend/src/db
parent13cdbc7ff760ae91ee3f62b2a2f62c7559ccaa3c (diff)
downloadplanetwars.dev-6aa72b3c8717f32e62c772aeed327d3cd9a6fa65.tar.xz
planetwars.dev-6aa72b3c8717f32e62c772aeed327d3cd9a6fa65.zip
gracefully handle invalid login credentials
Diffstat (limited to 'backend/src/db')
-rw-r--r--backend/src/db/users.rs32
1 files changed, 17 insertions, 15 deletions
diff --git a/backend/src/db/users.rs b/backend/src/db/users.rs
index c06e5b3..29cee88 100644
--- a/backend/src/db/users.rs
+++ b/backend/src/db/users.rs
@@ -58,24 +58,26 @@ pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResul
}
pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> {
- let user = users::table
+ users::table
.filter(users::username.eq(&credentials.username))
.first::<User>(db_conn)
- .unwrap();
+ .optional()
+ .unwrap()
+ .and_then(|user| {
+ let password_matches = argon2::verify_raw(
+ credentials.password.as_bytes(),
+ &user.password_salt,
+ &user.password_hash,
+ &argon2_config(),
+ )
+ .unwrap();
- let password_matches = argon2::verify_raw(
- credentials.password.as_bytes(),
- &user.password_salt,
- &user.password_hash,
- &argon2_config(),
- )
- .unwrap();
-
- if password_matches {
- return Some(user);
- } else {
- return None;
- }
+ if password_matches {
+ return Some(user);
+ } else {
+ return None;
+ }
+ })
}
#[test]