Do reset password operations in db transaction

And modify signature of model methods to accept an executor instead of a pool connection which will also allow transactions.
2023-10-13 14:44:40 +02:00
parent 60671d5865
commit 835e9dc748
7 changed files with 126 additions and 82 deletions
--- a/src/handlers/forgot_password.rs
+++ b/src/handlers/forgot_password.rs
@@ -71,13 +71,9 @@ pub async fn post(
    layout: Layout,
    Form(forgot_password): Form<ForgotPassword>,
 ) -> Result<Response> {
-    dbg!(&ip);
-    dbg!(&user_agent);
-    dbg!(&forgot_password.email);
    let user: User = match User::get_by_email(&pool, forgot_password.email.clone()).await {
        Ok(user) => user,
        Err(err) => {
-            dbg!(&err);
            if let Error::NotFoundString(_, _) = err {
                info!(email = forgot_password.email, "invalid email");
                return Ok(layout
--- a/src/handlers/reset_password.rs
+++ b/src/handlers/reset_password.rs
@@ -241,11 +241,11 @@ pub async fn post(
        }
    };
    info!(user_id = %user.user_id, "user exists with verified email, resetting password");
-    // TODO: do both in transaction
-    UserPasswordResetToken::delete(&pool, reset_password.token).await?;
+    let mut tx = pool.begin().await?;
+    UserPasswordResetToken::delete(tx.as_mut(), reset_password.token).await?;
    let user = match user
        .update_password(
-            &pool,
+            tx.as_mut(),
            UpdateUserPassword {
                password: reset_password.password,
            },
@@ -289,6 +289,7 @@ pub async fn post(
        ip.into(),
        user_agent.map(|ua| ua.to_string()),
    );
+    tx.commit().await?;
    Ok(layout
        .with_subtitle("reset password")
        .targeted(hx_target)