Skip to content

Commit

Permalink
Feature: Logins (insecure)
Browse files Browse the repository at this point in the history
  • Loading branch information
@supermario
supermario committed Jun 2, 2021
1 parent 723d4b6 commit a5a2d57
Show file tree
Hide file tree
Showing 6 changed files with 59 additions and 172 deletions.
77 changes: 53 additions & 24 deletions src/Backend.elm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import Pages.Login
import Pages.Profile.Username_
import Pages.Register
import Pages.Settings
import Stubs exposing (..)
import Task
import Time
import Time.Extra as Time
Expand All @@ -41,22 +40,10 @@ app =

init : ( Model, Cmd BackendMsg )
init =
let
articles =
[ ( stubArticle.slug, stubArticle ), ( stubArticle2.slug, stubArticle2 ) ]
|> Dict.fromList
in
( { sessions = Dict.empty
, users = stubUsersFull |> List.map (\u -> ( u.email, u )) |> Dict.fromList
, articles = articles
, comments =
articles
|> Dict.map
(\k a ->
stubComments
|> List.map (\c -> ( Time.posixToMillis c.createdAt, c ))
|> Dict.fromList
)
, users = Dict.empty
, articles = Dict.empty
, comments = Dict.empty
}
, Cmd.none
)
Expand Down Expand Up @@ -370,15 +357,15 @@ updateFromFrontend sessionId clientId msg model =
model
(\r -> send_ (PageMsg (Gen.Msg.Article__Slug_ (Pages.Article.Slug_.GotAuthor r))))

UserAuthentication_Login { user } ->
UserAuthentication_Login { params } ->
let
( response, cmd ) =
model.users
|> Dict.get user.email
|> Dict.get params.email
|> Maybe.map
(\u ->
if u.password == user.password then
( Success (Api.User.toUser u), renewSession user.email sessionId clientId )
if u.password == params.password then
( Success (Api.User.toUser u), renewSession params.email sessionId clientId )

else
( Failure [ "email or password is invalid" ], Cmd.none )
Expand All @@ -387,11 +374,53 @@ updateFromFrontend sessionId clientId msg model =
in
( model, Cmd.batch [ send_ (PageMsg (Gen.Msg.Login (Pages.Login.GotUser response))), cmd ] )

UserRegistration_Register { user } ->
send (PageMsg (Gen.Msg.Register (Pages.Register.GotUser (Success stubUser))))
UserRegistration_Register { params } ->
let
( model_, cmd, res ) =
if model.users |> Dict.member params.email then
( model, Cmd.none, Failure [ "email address already taken" ] )

else
let
user_ =
{ email = params.email
, username = params.username
, bio = Nothing
, image = "https://static.productionready.io/images/smiley-cyrus.jpg"
, password = params.password
, favorites = []
, following = []
}
in
( { model | users = model.users |> Dict.insert user_.email user_ }
, renewSession params.email sessionId clientId
, Success (Api.User.toUser user_)
)
in
( model_, Cmd.batch [ cmd, send_ (PageMsg (Gen.Msg.Register (Pages.Register.GotUser res))) ] )

UserUpdate_Settings { params } ->
let
( model_, res ) =
case model |> getSessionUser sessionId of
Just user ->
let
user_ =
{ user
| username = params.username

-- , email = params.email
, password = params.password |> Maybe.withDefault user.password
, image = params.image
, bio = Just params.bio
}
in
( model |> updateUser user_, Success (Api.User.toUser user_) )

UserUpdate_Settings { user } ->
send (PageMsg (Gen.Msg.Settings (Pages.Settings.GotUser (Success stubUser))))
Nothing ->
( model, Failure [ "you do not have permission for this user" ] )
in
( model_, send_ (PageMsg (Gen.Msg.Settings (Pages.Settings.GotUser res))) )

NoOpToBackend ->
( model, Cmd.none )
Expand Down
6 changes: 3 additions & 3 deletions src/Bridge.elm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,10 @@ type ToBackend
| ProfileUnfollow_Profile__Username_ { username : String }
| ProfileFollow_Article__Slug_ { username : String }
| ProfileUnfollow_Article__Slug_ { username : String }
| UserAuthentication_Login { user : { email : String, password : String } }
| UserRegistration_Register { user : { username : String, email : String, password : String } }
| UserAuthentication_Login { params : { email : String, password : String } }
| UserRegistration_Register { params : { username : String, email : String, password : String } }
| UserUpdate_Settings
{ user :
{ params :
{ username : String
, email : String
, password : Maybe String
Expand Down
2 changes: 1 addition & 1 deletion src/Pages/Login.elm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ update req msg model =
( model
, (Effect.fromCmd << sendToBackend) <|
UserAuthentication_Login
{ user =
{ params =
{ email = model.email
, password = model.password
}
Expand Down
2 changes: 1 addition & 1 deletion src/Pages/Register.elm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ update req msg model =
( model
, (Effect.fromCmd << sendToBackend) <|
UserRegistration_Register
{ user =
{ params =
{ username = model.username
, email = model.email
, password = model.password
Expand Down
2 changes: 1 addition & 1 deletion src/Pages/Settings.elm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ update msg model =
( { model | message = Nothing, errors = [] }
, (Effect.fromCmd << sendToBackend) <|
UserUpdate_Settings
{ user =
{ params =
{ username = model.username
, email = model.email
, password = model.password
Expand Down
142 changes: 0 additions & 142 deletions src/Stubs.elm
View file

This file was deleted.

0 comments on commit a5a2d57

Please sign in to comment.