From 562ad524c42c3f8d5c0db0c50ac58f81e568d5d8 Mon Sep 17 00:00:00 2001 From: Valentin Tolmer Date: Mon, 13 Feb 2023 18:56:39 +0100 Subject: [PATCH] server: only add password reset routes if they are enabled --- server/src/infra/auth_service.rs | 20 +++++++++++--------- server/src/infra/tcp_server.rs | 6 +++++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/server/src/infra/auth_service.rs b/server/src/infra/auth_service.rs index e8f8c7e..ce7bc1b 100644 --- a/server/src/infra/auth_service.rs +++ b/server/src/infra/auth_service.rs @@ -677,7 +677,7 @@ pub(crate) fn check_if_token_is_valid( }) } -pub fn configure_server(cfg: &mut web::ServiceConfig) +pub fn configure_server(cfg: &mut web::ServiceConfig, enable_password_reset: bool) where Backend: TcpBackendHandler + LoginHandler + OpaqueHandler + BackendHandler + 'static, { @@ -694,14 +694,6 @@ where web::resource("/simple/login").route(web::post().to(simple_login_handler::)), ) .service(web::resource("/refresh").route(web::get().to(get_refresh_handler::))) - .service( - web::resource("/reset/step1/{user_id}") - .route(web::get().to(get_password_reset_step1_handler::)), - ) - .service( - web::resource("/reset/step2/{token}") - .route(web::get().to(get_password_reset_step2_handler::)), - ) .service(web::resource("/logout").route(web::get().to(get_logout_handler::))) .service( web::scope("/opaque/register") @@ -715,4 +707,14 @@ where .route(web::post().to(opaque_register_finish_handler::)), ), ); + if enable_password_reset { + cfg.service( + web::resource("/reset/step1/{user_id}") + .route(web::get().to(get_password_reset_step1_handler::)), + ) + .service( + web::resource("/reset/step2/{token}") + .route(web::get().to(get_password_reset_step2_handler::)), + ); + } } diff --git a/server/src/infra/tcp_server.rs b/server/src/infra/tcp_server.rs index 27a751e..c27846d 100644 --- a/server/src/infra/tcp_server.rs +++ b/server/src/infra/tcp_server.rs @@ -73,6 +73,7 @@ fn http_config( ) where Backend: TcpBackendHandler + BackendHandler + LoginHandler + OpaqueHandler + Sync + 'static, { + let enable_password_reset = mail_options.enable_password_reset; cfg.app_data(web::Data::new(AppState:: { backend_handler, jwt_key: Hmac::new_varkey(jwt_secret.unsecure().as_bytes()).unwrap(), @@ -81,7 +82,10 @@ fn http_config( mail_options, })) .route("/health", web::get().to(|| HttpResponse::Ok().finish())) - .service(web::scope("/auth").configure(auth_service::configure_server::)) + .service( + web::scope("/auth") + .configure(|cfg| auth_service::configure_server::(cfg, enable_password_reset)), + ) // API endpoint. .service( web::scope("/api")