X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi%2Fsrc%2Flocal_user%2Fsave_settings.rs;h=152c11ad12e1e9c6c0840bb82603ad905d1a1369;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=e8a94ff60cc00ecc9d81c965362188a636122604;hpb=e4a49b6eabcf34fb4adfa7ccd4024e5ddda93d54;p=lemmy.git

diff --git a/crates/api/src/local_user/save_settings.rs b/crates/api/src/local_user/save_settings.rs
index e8a94ff6..152c11ad 100644
--- a/crates/api/src/local_user/save_settings.rs
+++ b/crates/api/src/local_user/save_settings.rs
@@ -1,173 +1,161 @@
 use crate::Perform;
 use actix_web::web::Data;
 use lemmy_api_common::{
+  context::LemmyContext,
   person::{LoginResponse, SaveUserSettings},
-  utils::{blocking, get_local_user_view_from_jwt, send_verification_email},
+  utils::{local_user_view_from_jwt, sanitize_html_opt, send_verification_email},
 };
 use lemmy_db_schema::{
   source::{
-    local_user::{LocalUser, LocalUserForm},
-    local_user_language::LocalUserLanguage,
-    person::{Person, PersonForm},
-    site::Site,
+    actor_language::LocalUserLanguage,
+    local_user::{LocalUser, LocalUserUpdateForm},
+    person::{Person, PersonUpdateForm},
   },
   traits::Crud,
-  utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now},
+  utils::{diesel_option_overwrite, diesel_option_overwrite_to_url},
 };
+use lemmy_db_views::structs::SiteView;
 use lemmy_utils::{
   claims::Claims,
-  error::LemmyError,
-  utils::{is_valid_display_name, is_valid_matrix_id},
-  ConnectionId,
+  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
+  utils::validation::{
+    build_totp_2fa,
+    generate_totp_2fa_secret,
+    is_valid_bio_field,
+    is_valid_display_name,
+    is_valid_matrix_id,
+  },
 };
-use lemmy_websocket::LemmyContext;
 
 #[async_trait::async_trait(?Send)]
 impl Perform for SaveUserSettings {
   type Response = LoginResponse;
 
-  #[tracing::instrument(skip(context, _websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    _websocket_id: Option<ConnectionId>,
-  ) -> Result<LoginResponse, LemmyError> {
+  #[tracing::instrument(skip(context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<LoginResponse, LemmyError> {
     let data: &SaveUserSettings = self;
-    let local_user_view =
-      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
+    let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
+    let site_view = SiteView::read_local(&mut context.pool()).await?;
+
+    let bio = sanitize_html_opt(&data.bio);
+    let display_name = sanitize_html_opt(&data.display_name);
 
     let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
     let banner = diesel_option_overwrite_to_url(&data.banner)?;
-    let bio = diesel_option_overwrite(&data.bio);
-    let display_name = diesel_option_overwrite(&data.display_name);
-    let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
-    let bot_account = data.bot_account;
-    let email_deref = data.email.as_deref().map(|e| e.to_owned());
-    let email = diesel_option_overwrite(&email_deref);
+    let bio = diesel_option_overwrite(bio);
+    let display_name = diesel_option_overwrite(display_name);
+    let matrix_user_id = diesel_option_overwrite(data.matrix_user_id.clone());
+    let email_deref = data.email.as_deref().map(str::to_lowercase);
+    let email = diesel_option_overwrite(email_deref.clone());
 
     if let Some(Some(email)) = &email {
       let previous_email = local_user_view.local_user.email.clone().unwrap_or_default();
       // Only send the verification email if there was an email change
       if previous_email.ne(email) {
-        send_verification_email(&local_user_view, email, context.pool(), context.settings())
-          .await?;
+        send_verification_email(
+          &local_user_view,
+          email,
+          &mut context.pool(),
+          context.settings(),
+        )
+        .await?;
       }
     }
 
     // When the site requires email, make sure email is not Some(None). IE, an overwrite to a None value
     if let Some(email) = &email {
-      let site_fut = blocking(context.pool(), Site::read_local_site);
-      if email.is_none() && site_fut.await??.require_email_verification {
-        return Err(LemmyError::from_message("email_required"));
+      if email.is_none() && site_view.local_site.require_email_verification {
+        return Err(LemmyErrorType::EmailRequired)?;
       }
     }
 
     if let Some(Some(bio)) = &bio {
-      if bio.chars().count() > 300 {
-        return Err(LemmyError::from_message("bio_length_overflow"));
-      }
+      is_valid_bio_field(bio)?;
     }
 
     if let Some(Some(display_name)) = &display_name {
-      if !is_valid_display_name(
+      is_valid_display_name(
         display_name.trim(),
-        context.settings().actor_name_max_length,
-      ) {
-        return Err(LemmyError::from_message("invalid_username"));
-      }
+        site_view.local_site.actor_name_max_length as usize,
+      )?;
     }
 
     if let Some(Some(matrix_user_id)) = &matrix_user_id {
-      if !is_valid_matrix_id(matrix_user_id) {
-        return Err(LemmyError::from_message("invalid_matrix_id"));
-      }
+      is_valid_matrix_id(matrix_user_id)?;
     }
 
     let local_user_id = local_user_view.local_user.id;
     let person_id = local_user_view.person.id;
     let default_listing_type = data.default_listing_type;
     let default_sort_type = data.default_sort_type;
-    let password_encrypted = local_user_view.local_user.password_encrypted;
-    let public_key = Some(local_user_view.person.public_key);
-
-    let person_form = PersonForm {
-      name: local_user_view.person.name,
-      avatar,
-      banner,
-      inbox_url: None,
-      display_name,
-      published: None,
-      updated: Some(naive_now()),
-      banned: None,
-      deleted: None,
-      actor_id: None,
-      bio,
-      local: None,
-      admin: None,
-      private_key: None,
-      public_key,
-      last_refreshed_at: None,
-      shared_inbox_url: None,
-      matrix_user_id,
-      bot_account,
-      ban_expires: None,
-    };
+    let theme = sanitize_html_opt(&data.theme);
 
-    blocking(context.pool(), move |conn| {
-      Person::update(conn, person_id, &person_form)
-    })
-    .await?
-    .map_err(|e| LemmyError::from_error_message(e, "user_already_exists"))?;
+    let person_form = PersonUpdateForm::builder()
+      .display_name(display_name)
+      .bio(bio)
+      .matrix_user_id(matrix_user_id)
+      .bot_account(data.bot_account)
+      .avatar(avatar)
+      .banner(banner)
+      .build();
 
-    if let Some(discussion_languages) = data.discussion_languages.clone() {
-      // An empty array is a "clear" / set all languages
-      let languages = if discussion_languages.is_empty() {
-        None
-      } else {
-        Some(discussion_languages)
-      };
+    Person::update(&mut context.pool(), person_id, &person_form)
+      .await
+      .with_lemmy_type(LemmyErrorType::UserAlreadyExists)?;
 
-      blocking(context.pool(), move |conn| {
-        LocalUserLanguage::update_user_languages(conn, languages, local_user_id)
-      })
-      .await??;
+    if let Some(discussion_languages) = data.discussion_languages.clone() {
+      LocalUserLanguage::update(&mut context.pool(), discussion_languages, local_user_id).await?;
     }
 
-    let local_user_form = LocalUserForm {
-      person_id: Some(person_id),
-      email,
-      password_encrypted: Some(password_encrypted),
-      show_nsfw: data.show_nsfw,
-      show_bot_accounts: data.show_bot_accounts,
-      show_scores: data.show_scores,
-      theme: data.theme.to_owned(),
-      default_sort_type,
-      default_listing_type,
-      interface_language: data.interface_language.to_owned(),
-      show_avatars: data.show_avatars,
-      show_read_posts: data.show_read_posts,
-      show_new_post_notifs: data.show_new_post_notifs,
-      send_notifications_to_email: data.send_notifications_to_email,
-      email_verified: None,
-      accepted_application: None,
+    // If generate_totp is Some(false), this will clear it out from the database.
+    let (totp_2fa_secret, totp_2fa_url) = if let Some(generate) = data.generate_totp_2fa {
+      if generate {
+        let secret = generate_totp_2fa_secret();
+        let url =
+          build_totp_2fa(&site_view.site.name, &local_user_view.person.name, &secret)?.get_url();
+        (Some(Some(secret)), Some(Some(url)))
+      } else {
+        (Some(None), Some(None))
+      }
+    } else {
+      (None, None)
     };
 
-    let local_user_res = blocking(context.pool(), move |conn| {
-      LocalUser::update(conn, local_user_id, &local_user_form)
-    })
-    .await?;
+    let local_user_form = LocalUserUpdateForm::builder()
+      .email(email)
+      .show_avatars(data.show_avatars)
+      .show_read_posts(data.show_read_posts)
+      .show_new_post_notifs(data.show_new_post_notifs)
+      .send_notifications_to_email(data.send_notifications_to_email)
+      .show_nsfw(data.show_nsfw)
+      .blur_nsfw(data.blur_nsfw)
+      .auto_expand(data.auto_expand)
+      .show_bot_accounts(data.show_bot_accounts)
+      .show_scores(data.show_scores)
+      .default_sort_type(default_sort_type)
+      .default_listing_type(default_listing_type)
+      .theme(theme)
+      .interface_language(data.interface_language.clone())
+      .totp_2fa_secret(totp_2fa_secret)
+      .totp_2fa_url(totp_2fa_url)
+      .open_links_in_new_tab(data.open_links_in_new_tab)
+      .infinite_scroll_enabled(data.infinite_scroll_enabled)
+      .build();
+
+    let local_user_res =
+      LocalUser::update(&mut context.pool(), local_user_id, &local_user_form).await;
     let updated_local_user = match local_user_res {
       Ok(u) => u,
       Err(e) => {
         let err_type = if e.to_string()
           == "duplicate key value violates unique constraint \"local_user_email_key\""
         {
-          "email_already_exists"
+          LemmyErrorType::EmailAlreadyExists
         } else {
-          "user_already_exists"
+          LemmyErrorType::UserAlreadyExists
         };
 
-        return Err(LemmyError::from_error_message(e, err_type));
+        return Err(e).with_lemmy_type(err_type);
       }
     };