lemmy_api 0.18.2

A link aggregator for the fediverse
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

use crate::Perform;
use actix_web::web::Data;
use bcrypt::verify;
use lemmy_api_common::{
  context::LemmyContext,
  person::{Login, LoginResponse},
  utils::{check_registration_application, check_user_valid},
};
use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::{claims::Claims, error::LemmyError, utils::validation::check_totp_2fa_valid};

#[async_trait::async_trait(?Send)]
impl Perform for Login {
  type Response = LoginResponse;

  #[tracing::instrument(skip(context))]
  async fn perform(&self, context: &Data<LemmyContext>) -> Result<LoginResponse, LemmyError> {
    let data: &Login = self;

    let site_view = SiteView::read_local(context.pool()).await?;

    // Fetch that username / email
    let username_or_email = data.username_or_email.clone();
    let local_user_view = LocalUserView::find_by_email_or_name(context.pool(), &username_or_email)
      .await
      .map_err(|e| LemmyError::from_error_message(e, "incorrect_login"))?;

    // Verify the password
    let valid: bool = verify(
      &data.password,
      &local_user_view.local_user.password_encrypted,
    )
    .unwrap_or(false);
    if !valid {
      return Err(LemmyError::from_message("incorrect_login"));
    }
    check_user_valid(
      local_user_view.person.banned,
      local_user_view.person.ban_expires,
      local_user_view.person.deleted,
    )?;

    // Check if the user's email is verified if email verification is turned on
    // However, skip checking verification if the user is an admin
    if !local_user_view.person.admin
      && site_view.local_site.require_email_verification
      && !local_user_view.local_user.email_verified
    {
      return Err(LemmyError::from_message("email_not_verified"));
    }

    check_registration_application(&local_user_view, &site_view.local_site, context.pool()).await?;

    // Check the totp
    check_totp_2fa_valid(
      &local_user_view.local_user.totp_2fa_secret,
      &data.totp_2fa_token,
      &site_view.site.name,
      &local_user_view.person.name,
    )?;

    // Return the jwt
    Ok(LoginResponse {
      jwt: Some(
        Claims::jwt(
          local_user_view.local_user.id.0,
          &context.secret().jwt_secret,
          &context.settings().hostname,
        )?
        .into(),
      ),
      verify_email_sent: false,
      registration_created: false,
    })
  }
}