update last_used on verify_user_token

2024-02-11 20:00:05 +01:00 · 2024-02-11 20:00:05 +01:00 · e913de5e8d
parent 731f6f2f6c
commit e913de5e8d
2 changed files with 33 additions and 3 deletions
--- a/src/auth/mod.rs
+++ b/src/auth/mod.rs
@ -83,6 +83,9 @@ impl UserAuthenticator {
        Self { db, backends }
    }

+    /// Attempt to verify credentials against all backends and return the user's most recent token if they match.
+    ///
+    /// If a valid token already exists, return it; if not, create a new one.
    #[instrument]
    pub async fn get_user_token(
        &self,
@ -108,12 +111,9 @@ impl UserAuthenticator {
            return Err(AuthenticationError::InvalidUserOrPassword);
        };

-        // if a valid token exists, return it; if not, create a new one
        let mut db = self.db.lock().await;
        let token =
            if let Some(UserTokenEntry::Valid(old_token, _, _)) = db.get_token(&username).await? {
-                // TODO: update old_token's last_used value
-
                old_token
            } else {
                let new_token =
@ -127,6 +127,9 @@ impl UserAuthenticator {
        Ok((username, token))
    }

+    /// Check if the passed token matches the user's currently active one.
+    ///
+    /// Additionally, update the token's `last_used` value if verification is successful.
    #[instrument]
    pub async fn verify_user_token(
        &self,
@ -137,6 +140,7 @@ impl UserAuthenticator {

        if let Some(UserTokenEntry::Valid(user_token, ..)) = &db.get_token(username).await? {
            if token == user_token {
+                db.update_token_last_used(username, token).await?;
                return Ok(());
            }
        }
--- a/src/db.rs
+++ b/src/db.rs
@ -28,6 +28,12 @@ pub trait Database: Debug {
    async fn get_token(&mut self, username: &str) -> Result<Option<UserTokenEntry>, sqlx::Error>;

    async fn save_token(&mut self, username: &str, token: &UserToken) -> Result<(), sqlx::Error>;
+
+    async fn update_token_last_used(
+        &mut self,
+        username: &str,
+        token: &UserToken,
+    ) -> Result<(), sqlx::Error>;
 }

 #[derive(Debug)]
@ -122,4 +128,24 @@ impl Database for SqliteDatabase {

        Ok(())
    }
+
+    #[instrument]
+    async fn update_token_last_used(
+        &mut self,
+        username: &str,
+        token: &UserToken,
+    ) -> Result<(), sqlx::Error> {
+        let token_inner = token.0.expose_secret();
+        query!(
+            "UPDATE user_tokens
+            SET last_used = DATETIME('NOW')
+            WHERE username = $1 AND token = $2",
+            username,
+            token_inner
+        )
+        .execute(&mut self.conn)
+        .await?;
+
+        Ok(())
+    }
 }