Make functions work with both connection and pool (#3420)

[lemmy.git] / crates / api / src / local_user / login.rs

diff --git a/crates/api/src/local_user/login.rs b/crates/api/src/local_user/login.rs
index 990424c0a871495f964d6b372f4b148ff905e8ad..4b5ea0fafcfed3648135f89ee89afe2181ce8b1f 100644 (file)
--- a/crates/api/src/local_user/login.rs
+++ b/crates/api/src/local_user/login.rs
@@ -2,35 +2,33 @@ use crate::Perform;
 use actix_web::web::Data;
 use bcrypt::verify;
 use lemmy_api_common::{
+  context::LemmyContext,
   person::{Login, LoginResponse},
-  utils::{blocking, check_registration_application, check_user_valid},
+  utils::{check_registration_application, check_user_valid},
+};
+use lemmy_db_views::structs::{LocalUserView, SiteView};
+use lemmy_utils::{
+  claims::Claims,
+  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
+  utils::validation::check_totp_2fa_valid,
 };
-use lemmy_db_schema::source::local_site::LocalSite;
-use lemmy_db_views::structs::LocalUserView;
-use lemmy_utils::{claims::Claims, error::LemmyError, ConnectionId};
-use lemmy_websocket::LemmyContext;
 
 #[async_trait::async_trait(?Send)]
 impl Perform for Login {
   type Response = LoginResponse;
 
-  #[tracing::instrument(skip(context, _websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    _websocket_id: Option<ConnectionId>,
-  ) -> Result<LoginResponse, LemmyError> {
+  #[tracing::instrument(skip(context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<LoginResponse, LemmyError> {
     let data: &Login = self;
 
-    let local_site = blocking(context.pool(), LocalSite::read).await??;
+    let site_view = SiteView::read_local(&mut context.pool()).await?;
 
     // Fetch that username / email
     let username_or_email = data.username_or_email.clone();
-    let local_user_view = blocking(context.pool(), move |conn| {
-      LocalUserView::find_by_email_or_name(conn, &username_or_email)
-    })
-    .await?
-    .map_err(|e| LemmyError::from_error_message(e, "couldnt_find_that_username_or_email"))?;
+    let local_user_view =
+      LocalUserView::find_by_email_or_name(&mut context.pool(), &username_or_email)
+        .await
+        .with_lemmy_type(LemmyErrorType::IncorrectLogin)?;
 
     // Verify the password
     let valid: bool = verify(
@@ -39,7 +37,7 @@ impl Perform for Login {
     )
     .unwrap_or(false);
     if !valid {
-      return Err(LemmyError::from_message("password_incorrect"));
+      return Err(LemmyErrorType::IncorrectLogin)?;
     }
     check_user_valid(
       local_user_view.person.banned,
@@ -47,11 +45,25 @@ impl Perform for Login {
       local_user_view.person.deleted,
     )?;
 
-    if local_site.require_email_verification && !local_user_view.local_user.email_verified {
-      return Err(LemmyError::from_message("email_not_verified"));
+    // Check if the user's email is verified if email verification is turned on
+    // However, skip checking verification if the user is an admin
+    if !local_user_view.person.admin
+      && site_view.local_site.require_email_verification
+      && !local_user_view.local_user.email_verified
+    {
+      return Err(LemmyErrorType::EmailNotVerified)?;
     }
 
-    check_registration_application(&local_user_view, &local_site, context.pool()).await?;
+    check_registration_application(&local_user_view, &site_view.local_site, &mut context.pool())
+      .await?;
+
+    // Check the totp
+    check_totp_2fa_valid(
+      &local_user_view.local_user.totp_2fa_secret,
+      &data.totp_2fa_token,
+      &site_view.site.name,
+      &local_user_view.person.name,
+    )?;
 
     // Return the jwt
     Ok(LoginResponse {