Add `change password` UI + API.

The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.
author: Owen Jacobson <owen@grimoire.ca> 2024-10-29 23:29:22 -0400
committer: Owen Jacobson <owen@grimoire.ca> 2024-10-29 23:29:22 -0400
commit: 66d3fcf2e22f057bacce8d97d43a13c1c5a9ad09 (patch)
tree: 60995943e14a6568cf2b37622ce97df121865a6d /src/token/repo
parent: e328d33fc7d6a0f2e3d260d8bddee3ef633318eb (diff)
2 files changed, 47 insertions, 0 deletions
diff --git a/src/token/repo/auth.rs b/src/token/repo/auth.rs
index bdc4c33..b51db8c 100644
--- a/src/token/repo/auth.rs
+++ b/src/token/repo/auth.rs
@@ -50,6 +50,35 @@ impl<'t> Auth<'t> {
 
         Ok((login, row.password_hash))
     }
+
+    pub async fn for_login(&mut self, login: &Login) -> Result<(History, StoredHash), LoadError> {
+        let row = sqlx::query!(
+            r#"
+                select
+                    id as "id: login::Id",
+                    display_name as "display_name: String",
+                    canonical_name as "canonical_name: String",
+                    created_sequence as "created_sequence: Sequence",
+                    created_at as "created_at: DateTime",
+                    password_hash as "password_hash: StoredHash"
+                from login
+                where id = $1
+            "#,
+            login.id,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        let login = History {
+            login: Login {
+                id: row.id,
+                name: Name::new(row.display_name, row.canonical_name)?,
+            },
+            created: Instant::new(row.created_at, row.created_sequence),
+        };
+
+        Ok((login, row.password_hash))
+    }
 }
 
 #[derive(Debug, thiserror::Error)]
diff --git a/src/token/repo/token.rs b/src/token/repo/token.rs
index 35ea385..33b89d5 100644
--- a/src/token/repo/token.rs
+++ b/src/token/repo/token.rs
@@ -84,6 +84,24 @@ impl<'c> Tokens<'c> {
         Ok(())
     }
 
+    // Revoke tokens for a login
+    pub async fn revoke_all(&mut self, login: &login::History) -> Result<Vec<Id>, sqlx::Error> {
+        let login = login.id();
+        let tokens = sqlx::query_scalar!(
+            r#"
+                delete
+                from token
+                where login = $1
+                returning id as "id: Id"
+            "#,
+            login,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(tokens)
+    }
+
     // Expire and delete all tokens that haven't been used more recently than
     // `expire_at`.
     pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {
author	Owen Jacobson <owen@grimoire.ca>	2024-10-29 23:29:22 -0400
committer	Owen Jacobson <owen@grimoire.ca>	2024-10-29 23:29:22 -0400
commit	66d3fcf2e22f057bacce8d97d43a13c1c5a9ad09 (patch)
tree	60995943e14a6568cf2b37622ce97df121865a6d /src/token/repo
parent	e328d33fc7d6a0f2e3d260d8bddee3ef633318eb (diff)