server: only add password reset routes if they are enabled

2023-04-12 14:25:13 +00:00 · 2023-02-13 18:56:39 +01:00 · 2023-02-13 18:56:39 +01:00 · 6dc0377f6f
commit 6dc0377f6f
parent ea498df78b
2 changed files with 16 additions and 10 deletions
--- a/server/src/infra/auth_service.rs
+++ b/server/src/infra/auth_service.rs
@ -677,7 +677,7 @@ pub(crate) fn check_if_token_is_valid<Backend>(
    })
 }

-pub fn configure_server<Backend>(cfg: &mut web::ServiceConfig)
+pub fn configure_server<Backend>(cfg: &mut web::ServiceConfig, enable_password_reset: bool)
 where
    Backend: TcpBackendHandler + LoginHandler + OpaqueHandler + BackendHandler + 'static,
 {
@ -694,14 +694,6 @@ where
            web::resource("/simple/login").route(web::post().to(simple_login_handler::<Backend>)),
        )
        .service(web::resource("/refresh").route(web::get().to(get_refresh_handler::<Backend>)))
-        .service(
-            web::resource("/reset/step1/{user_id}")
-                .route(web::get().to(get_password_reset_step1_handler::<Backend>)),
-        )
-        .service(
-            web::resource("/reset/step2/{token}")
-                .route(web::get().to(get_password_reset_step2_handler::<Backend>)),
-        )
        .service(web::resource("/logout").route(web::get().to(get_logout_handler::<Backend>)))
        .service(
            web::scope("/opaque/register")
@ -715,4 +707,14 @@ where
                        .route(web::post().to(opaque_register_finish_handler::<Backend>)),
                ),
        );
+    if enable_password_reset {
+        cfg.service(
+            web::resource("/reset/step1/{user_id}")
+                .route(web::get().to(get_password_reset_step1_handler::<Backend>)),
+        )
+        .service(
+            web::resource("/reset/step2/{token}")
+                .route(web::get().to(get_password_reset_step2_handler::<Backend>)),
+        );
+    }
 }
--- a/server/src/infra/tcp_server.rs
+++ b/server/src/infra/tcp_server.rs
@ -73,6 +73,7 @@ fn http_config<Backend>(
 ) where
    Backend: TcpBackendHandler + BackendHandler + LoginHandler + OpaqueHandler + Sync + 'static,
 {
+    let enable_password_reset = mail_options.enable_password_reset;
    cfg.app_data(web::Data::new(AppState::<Backend> {
        backend_handler,
        jwt_key: Hmac::new_varkey(jwt_secret.unsecure().as_bytes()).unwrap(),
@ -81,7 +82,10 @@ fn http_config<Backend>(
        mail_options,
    }))
    .route("/health", web::get().to(|| HttpResponse::Ok().finish()))
-    .service(web::scope("/auth").configure(auth_service::configure_server::<Backend>))
+    .service(
+        web::scope("/auth")
+            .configure(|cfg| auth_service::configure_server::<Backend>(cfg, enable_password_reset)),
+    )
    // API endpoint.
    .service(
        web::scope("/api")