pub fn login(
db: &Database,
item: &LoginInput,
) -> Result<(String, String), (u16, &'static str)>Expand description
/login
creates a user session for the user associated with item
in the request body (have the content-type header set to application/json and content that can be deserialized into LoginInput)
§Returns Result
- Ok([
AccessToken], [RefreshToken])- an access token that should be sent to the user in the response body,
- a reset token that should be sent as a secure, http-only, and
same_site=strictcookie.
- Err([
StatusCode], [Message])
§Errors
- 400: ‘device’ cannot be longer than 256 characters.
- 400: Account has not been activated.
- 401: Invalid credentials.
§Panics
- could not connect to database
- verifying the password hash fails
TODO: neither of these should panic, just return an error