add password policy to password reset response JSON (#577)

* add port forward for `mailcrab:1025` in justfile * rename `CsrfTokenResponse` -> `PasswordResetResponse` * add password policy to the password reset JSON response * additional debug logging for insecure SMTP during local dev
sebadob · Sep 30, 2024 · 784ccbf · 784ccbf
1 parent b8ff62d
commit 784ccbf
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 7 deletions.
diff --git a/justfile b/justfile
@@ -142,6 +142,7 @@ docker-buildx-setup:
 mailcrab-start:
     {{docker}} run -d \
       --net {{container_network}} \
+      -p 1025:1025 \
       -p 1080:1080 \
       --name {{container_mailcrab}} \
       --restart unless-stopped \

diff --git a/src/api/src/openapi.rs b/src/api/src/openapi.rs
@@ -238,7 +238,7 @@ use utoipa::{openapi, OpenApi};
             AppVersionResponse,
             BlacklistResponse,
             BlacklistedIp,
-            CsrfTokenResponse,
+            PasswordResetResponse,
             LoginTimeResponse,
             ClientResponse,
             DeviceCodeResponse,

diff --git a/src/api/src/users.rs b/src/api/src/users.rs
@@ -3,8 +3,8 @@ use actix_web::http::header::{ACCEPT, LOCATION};
 use actix_web::http::StatusCode;
 use actix_web::{delete, get, post, put, web, HttpRequest, HttpResponse, ResponseError};
 use actix_web_validator::{Json, Query};
-use rauthy_api_types::generic::PaginationParams;
-use rauthy_api_types::oidc::CsrfTokenResponse;
+use rauthy_api_types::generic::{PaginationParams, PasswordPolicyResponse};
+use rauthy_api_types::oidc::PasswordResetResponse;
 use rauthy_api_types::users::{
     DeviceRequest, DeviceResponse, MfaPurpose, NewUserRegistrationRequest, NewUserRequest,
     PasskeyResponse, PasswordResetRequest, RequestResetRequest, UpdateUserRequest,
@@ -585,7 +585,7 @@ pub async fn get_user_email_confirm(
     path = "/users/{id}/reset/{reset_id}",
     tag = "users",
     responses(
-        (status = 200, description = "Ok", body = CsrfTokenResponse),
+        (status = 200, description = "Ok", body = PasswordResetResponse),
         (status = 401, description = "Unauthorized", body = ErrorResponse),
         (status = 403, description = "Forbidden", body = ErrorResponse),
     ),
@@ -608,11 +608,22 @@ pub async fn get_user_password_reset(
     match password_reset::handle_get_pwd_reset(&data, req, user_id, reset_id, no_html).await {
         Ok((content, cookie)) => {
             if no_html {
+                let password_policy = match PasswordPolicy::find(&data).await {
+                    Ok(policy) => PasswordPolicyResponse::from(policy),
+                    Err(err) => {
+                        let colors = ColorEntity::find_rauthy(&data).await.unwrap_or_default();
+                        let status = err.status_code();
+                        let body = Error3Html::build(&colors, &lang, status, Some(err.message));
+                        return ErrorHtml::response(body, status);
+                    }
+                };
+
                 HttpResponse::Ok()
                     .cookie(cookie)
                     .insert_header(HEADER_JSON)
-                    .json(CsrfTokenResponse {
+                    .json(PasswordResetResponse {
                         csrf_token: content,
+                        password_policy,
                     })
             } else {
                 HttpResponse::Ok()

diff --git a/src/api_types/src/oidc.rs b/src/api_types/src/oidc.rs
@@ -1,4 +1,5 @@
 use crate::cust_validation::validate_vec_scopes;
+use crate::generic::PasswordPolicyResponse;
 use crate::sessions::SessionState;
 use actix_web::http::header;
 use actix_web::HttpRequest;
@@ -88,8 +89,9 @@ pub struct AuthCodeRequest {
 }
 
 #[derive(Debug, Serialize, ToSchema)]
-pub struct CsrfTokenResponse {
+pub struct PasswordResetResponse {
     pub csrf_token: String,
+    pub password_policy: PasswordPolicyResponse,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]

diff --git a/src/models/src/email.rs b/src/models/src/email.rs
@@ -605,7 +605,7 @@ async fn conn_test_smtp_insecure(
             );
             Ok(conn)
         }
-        Ok(false) | Err(_) => {
+        Ok(false) => {
             error!(
                 "Could not connect to insecure SMTP relay on {}:{}",
                 smtp_url, port
@@ -615,6 +615,16 @@ async fn conn_test_smtp_insecure(
                 "Could not connect to localhost SMTP relay",
             ))
         }
+        Err(err) => {
+            error!(
+                "Could not connect to insecure SMTP relay on {}:{} -> {:?}",
+                smtp_url, port, err
+            );
+            Err(ErrorResponse::new(
+                ErrorResponseType::Internal,
+                "Could not connect to localhost SMTP relay",
+            ))
+        }
     }
 }