From 718da71d0dd086b1d8f9bc068be9a9d5e62e87b2 Mon Sep 17 00:00:00 2001
From: Valentin Tolmer <valentin@tolmer.fr>
Date: Tue, 14 Sep 2021 09:58:04 +0200
Subject: [PATCH] app: Allow admins to change passwords

---
 app/src/components/app.rs             | 14 +++++++--
 app/src/components/change_password.rs | 44 +++++++++++++++++----------
 app/src/components/user_table.rs      |  7 +++--
 3 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/app/src/components/app.rs b/app/src/components/app.rs
index bdf9ef6..e6bb92f 100644
--- a/app/src/components/app.rs
+++ b/app/src/components/app.rs
@@ -4,7 +4,7 @@ use crate::{
         create_user::CreateUserForm,
         login::LoginForm,
         logout::LogoutButton,
-        router::{AppRoute, Link},
+        router::{AppRoute, NavButton},
         user_details::UserDetails,
         user_table::UserTable,
     },
@@ -91,6 +91,7 @@ impl Component for App {
 
     fn view(&self) -> Html {
         let link = self.link.clone();
+        let is_admin = self.is_admin();
         html! {
             <div>
                 <h1>{ "LLDAP" }</h1>
@@ -110,7 +111,7 @@ impl Component for App {
                               <div>
                                 <LogoutButton on_logged_out=link.callback(|_| Msg::Logout) />
                                 <UserTable />
-                                <Link route=AppRoute::CreateUser>{"Create a user"}</Link>
+                                <NavButton route=AppRoute::CreateUser>{"Create a user"}</NavButton>
                               </div>
                           },
                           AppRoute::UserDetails(username) => html! {
@@ -122,7 +123,7 @@ impl Component for App {
                           AppRoute::ChangePassword(username) => html! {
                               <div>
                                 <LogoutButton on_logged_out=link.callback(|_| Msg::Logout) />
-                                <ChangePasswordForm username=username.clone() />
+                                <ChangePasswordForm username=username.clone() is_admin=is_admin />
                               </div>
                           }
                       }
@@ -170,4 +171,11 @@ impl App {
             },
         }
     }
+
+    fn is_admin(&self) -> bool {
+        match &self.user_info {
+            None => false,
+            Some((_, is_admin)) => *is_admin,
+        }
+    }
 }
diff --git a/app/src/components/change_password.rs b/app/src/components/change_password.rs
index e7cbf6e..e0b6343 100644
--- a/app/src/components/change_password.rs
+++ b/app/src/components/change_password.rs
@@ -36,6 +36,7 @@ pub struct ChangePasswordForm {
     node_ref: NodeRef,
     opaque_data: OpaqueData,
     successfully_changed_password: bool,
+    is_admin: bool,
     // Used to keep the request alive long enough.
     _task: Option<FetchTask>,
 }
@@ -43,11 +44,13 @@ pub struct ChangePasswordForm {
 #[derive(Clone, PartialEq, Properties)]
 pub struct Props {
     pub username: String,
+    pub is_admin: bool,
 }
 
 pub enum Msg {
     Submit,
     AuthenticationStartResponse(Result<Box<login::ServerLoginStartResponse>>),
+    SubmitNewPassword,
     RegistrationStartResponse(Result<Box<registration::ServerRegistrationStartResponse>>),
     RegistrationFinishResponse(Result<()>),
 }
@@ -107,21 +110,25 @@ impl ChangePasswordForm {
                 if new_password != confirm_password {
                     bail!("Confirmation password doesn't match");
                 }
-                let mut rng = rand::rngs::OsRng;
-                let login_start_request =
-                    opaque::client::login::start_login(&old_password, &mut rng)
-                        .context("Could not initialize login")?;
-                self.opaque_data = OpaqueData::Login(login_start_request.state);
-                let req = login::ClientLoginStartRequest {
-                    username: self.username.clone(),
-                    login_start_request: login_start_request.message,
-                };
-                self.call_backend(
-                    HostService::login_start,
-                    req,
-                    Msg::AuthenticationStartResponse,
-                )?;
-                Ok(())
+                if self.is_admin {
+                    self.handle_message(Msg::SubmitNewPassword)
+                } else {
+                    let mut rng = rand::rngs::OsRng;
+                    let login_start_request =
+                        opaque::client::login::start_login(&old_password, &mut rng)
+                            .context("Could not initialize login")?;
+                    self.opaque_data = OpaqueData::Login(login_start_request.state);
+                    let req = login::ClientLoginStartRequest {
+                        username: self.username.clone(),
+                        login_start_request: login_start_request.message,
+                    };
+                    self.call_backend(
+                        HostService::login_start,
+                        req,
+                        Msg::AuthenticationStartResponse,
+                    )?;
+                    Ok(())
+                }
             }
             Msg::AuthenticationStartResponse(res) => {
                 let res = res.context("Could not initiate login")?;
@@ -141,6 +148,9 @@ impl ChangePasswordForm {
                     }
                     _ => panic!("Unexpected data in opaque_data field"),
                 };
+                self.handle_message(Msg::SubmitNewPassword)
+            }
+            Msg::SubmitNewPassword => {
                 let mut rng = rand::rngs::OsRng;
                 let new_password = get_form_field("newPassword")
                     .ok_or_else(|| anyhow!("Could not get new password from form"))?;
@@ -207,6 +217,7 @@ impl Component for ChangePasswordForm {
             node_ref: NodeRef::default(),
             opaque_data: OpaqueData::None,
             successfully_changed_password: false,
+            is_admin: props.is_admin,
             _task: None,
         }
     }
@@ -225,11 +236,12 @@ impl Component for ChangePasswordForm {
     }
 
     fn view(&self) -> Html {
+        let is_admin = self.is_admin;
         html! {
             <form ref=self.node_ref.clone() onsubmit=self.link.callback(|e: FocusEvent| { e.prevent_default(); Msg::Submit })>
                 <div>
                     <label for="oldPassword">{"Old password:"}</label>
-                    <input type="password" id="oldPassword" autocomplete="current-password" required=true />
+                    <input type="password" id="oldPassword" autocomplete="current-password" required=true disabled=is_admin />
                 </div>
                 <div>
                     <label for="newPassword">{"New password:"}</label>
diff --git a/app/src/components/user_table.rs b/app/src/components/user_table.rs
index 15f3ab3..f8bdae7 100644
--- a/app/src/components/user_table.rs
+++ b/app/src/components/user_table.rs
@@ -1,4 +1,7 @@
-use crate::infra::api::HostService;
+use crate::{
+    components::router::{AppRoute, Link},
+    infra::api::HostService,
+};
 use anyhow::{anyhow, Result};
 use graphql_client::GraphQLQuery;
 use yew::format::Json;
@@ -80,7 +83,7 @@ impl Component for UserTable {
         let make_user_row = |user: &User| {
             html! {
                 <tr>
-                    <td>{&user.id}</td>
+                    <td><Link route=AppRoute::UserDetails(user.id.clone())>{&user.id}</Link></td>
                     <td>{&user.email}</td>
                     <td>{&user.display_name}</td>
                     <td>{&user.first_name}</td>