diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 489854d..39b4ae8 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -1,13 +1,13 @@ -use rocket_contrib::json::Json; use chrono::Utc; +use rocket_contrib::json::Json; use crate::db::models::*; use crate::db::DbConn; use crate::api::{EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType}; -use crate::auth::{decode_invite, decode_delete, decode_verify_email, Headers}; -use crate::mail; +use crate::auth::{decode_delete, decode_invite, decode_verify_email, Headers}; use crate::crypto; +use crate::mail; use crate::CONFIG; @@ -414,20 +414,21 @@ fn post_email(data: JsonUpcase, headers: Headers, conn: DbConn) match user.email_new { Some(ref val) => { - if *val != data.NewEmail.to_string() { + if val != &data.NewEmail { err!("Email change mismatch"); } - }, + } None => err!("No email change pending"), } if CONFIG.mail_enabled() { // Only check the token if we sent out an email... match user.email_new_token { - Some(ref val) => + Some(ref val) => { if *val != data.Token.into_string() { err!("Token mismatch"); } + } None => err!("No email change pending"), } user.verified_at = Some(Utc::now().naive_utc()); @@ -480,11 +481,9 @@ fn post_verify_email_token(data: JsonUpcase, conn: DbConn) Ok(claims) => claims, Err(_) => err!("Invalid claim"), }; - if claims.sub != user.uuid { - err!("Invalid claim"); + err!("Invalid claim"); } - user.verified_at = Some(Utc::now().naive_utc()); user.last_verifying_at = None; user.login_verify_count = 0; @@ -501,7 +500,7 @@ struct DeleteRecoverData { Email: String, } -#[post("/accounts/delete-recover", data="")] +#[post("/accounts/delete-recover", data = "")] fn post_delete_recover(data: JsonUpcase, conn: DbConn) -> EmptyResult { let data: DeleteRecoverData = data.into_inner().data; 
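Review bot: In the `@@ -414,20 +414,21 @@` hunk of `post_email`, the pending email-change token is still checked with `*val != data.Token.into_string()`, an ordinary string comparison that stops at the first differing byte. Because this value gates changing the account's e-mail address, a constant-time comparison is the safer default. The file imports `crate::crypto`; if that module offers a constant-time equality helper (not visible on this page), call it here, otherwise compare fixed-length digests of both values. The commit only adds braces around this arm, and `post_email` starts and ends outside the hunk.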
@@ -530,7 +529,7 @@ struct DeleteRecoverTokenData { Token: String, } -#[post("/accounts/delete-recover-token", data="")] +#[post("/accounts/delete-recover-token", data = "")] fn post_delete_recover_token(data: JsonUpcase, conn: DbConn) -> EmptyResult { let data: DeleteRecoverTokenData = data.into_inner().data; @@ -543,11 +542,9 @@ fn post_delete_recover_token(data: JsonUpcase, conn: DbC Ok(claims) => claims, Err(_) => err!("Invalid claim"), }; - if claims.sub != user.uuid { - err!("Invalid claim"); + err!("Invalid claim"); } - user.delete(&conn) } diff --git a/src/api/identity.rs b/src/api/identity.rs index ad475e7..08a72be 100644 --- a/src/api/identity.rs +++ b/src/api/identity.rs @@ -1,9 +1,9 @@ +use chrono::Utc; use num_traits::FromPrimitive; use rocket::request::{Form, FormItems, FromForm}; use rocket::Route; use rocket_contrib::json::Json; use serde_json::Value; -use chrono::Utc; use crate::api::core::two_factor::email::EmailTokenData; use crate::api::core::two_factor::{duo, email, yubikey}; @@ -97,7 +97,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult ) } - if !user.verified_at.is_some() && CONFIG.mail_enabled() && CONFIG.signups_verify() { + if user.verified_at.is_none() && CONFIG.mail_enabled() && CONFIG.signups_verify() { let now = Utc::now().naive_utc(); if user.last_verifying_at.is_none() || now.signed_duration_since(user.last_verifying_at.unwrap()).num_seconds() > CONFIG.signups_verify_resend_time() as i64 { let resend_limit = CONFIG.signups_verify_resend_limit() as i32; @@ -106,7 +106,7 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: ClientIp) -> JsonResult // their email address, and we haven't sent them a reminder in a while... let mut user = user; user.last_verifying_at = Some(now); - user.login_verify_count = user.login_verify_count + 1; + user.login_verify_count += 1; if let Err(e) = user.save(&conn) { error!("Error updating user: {:#?}", e);
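Review bot: In the `@@ -97,7 +97,7 @@` hunk of `_password_login`, the throttle condition on the line after the changed one still pairs `user.last_verifying_at.is_none() ||` with `user.last_verifying_at.unwrap()`, so the unwrap is safe only because of short-circuit order. `user.last_verifying_at.map_or(true, |t| now.signed_duration_since(t).num_seconds() > CONFIG.signups_verify_resend_time() as i64)` keeps the check and the access in one expression. The `as i32` on `CONFIG.signups_verify_resend_limit()` would also wrap silently if the configured type is wider than `i32`, which this page does not show; `i32::try_from(...)` would surface a bad value instead of changing the limit. The function continues outside the hunk.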
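Review bot: The `if let Err(e) = user.save(&conn)` branch at the end of the `@@ -106,7 +106,7 @@` hunk only logs the failure, so `last_verifying_at` and `login_verify_count`, the state that throttles verification reminders, may never be persisted. The code after the `error!` call is outside the hunk. If the reminder e-mail is still sent after a failed save, the resend limit is not enforced for as long as database writes fail. I would skip the send in that case and document the ordering with a comment such as `// throttle state must be stored before the reminder is sent`.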