Source: service.ml (p.sihl.0.1.10.doc.src.sihl.user)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189open Lwt.Syntax module Core = Sihl_core module User = Model let log_src = Logs.Src.create "sihl.service.user" module Logs = (val Logs.src_log log_src : Logs.LOG) exception Exception of string module Make (Repo : Sig.REPOSITORY) : Sig.SERVICE = struct let find_opt ~user_id = Repo.get ~id:user_id let find ~user_id = let* m_user = find_opt ~user_id in match m_user with | Some user -> Lwt.return user | None -> Logs.err (fun m -> m "USER: User not found with id %s" user_id); raise (Exception "User not found") ;; let find_by_email_opt ~email = (* TODO add support for lowercase UTF-8 * String.lowercase only supports US-ASCII, but * email addresses can contain other letters * (https://tools.ietf.org/html/rfc6531) like umlauts. *) Repo.get_by_email ~email:(String.lowercase_ascii email) ;; let find_by_email ~email = let* user = find_by_email_opt ~email in match user with | Some user -> Lwt.return user | None -> Logs.err (fun m -> m "USER: User not found with email %s" email); raise (Exception "User not found") ;; let find_all ~query = Repo.get_all ~query let update_password ?(password_policy = User.default_password_policy) ~user ~old_password ~new_password ~new_password_confirmation () = match User.validate_change_password user ~old_password ~new_password ~new_password_confirmation ~password_policy with | Ok () -> let updated_user = match User.set_user_password user new_password with | Ok user -> user | Error msg -> Logs.err (fun m -> m "USER: Can not update password of user %s: %s" (User.email user) msg); raise (Exception msg) in let* () = Repo.update ~user:updated_user in Lwt.return @@ Ok updated_user | Error msg -> Lwt.return @@ Error msg ;; let update_details ~user ~email ~username = let updated_user = User.set_user_details user ~email ~username in let* () = Repo.update ~user:updated_user in find ~user_id:(User.id user) ;; let set_password ?(password_policy = User.default_password_policy) ~user ~password ~password_confirmation () = let* result = User.validate_new_password ~password ~password_confirmation ~password_policy |> Lwt.return in match result with | Error msg -> Lwt.return @@ Error msg | Ok () -> let updated_user = match User.set_user_password user password with | Ok user -> user | Error msg -> Logs.err (fun m -> m "USER: Can not set password of user %s: %s" (User.email user) msg); raise (Exception msg) in let* () = Repo.update ~user:updated_user in Lwt_result.return updated_user ;; let create_user ~email ~password ~username = let user = match User.create ~email ~password ~username ~admin:false ~confirmed:false with | Ok user -> user | Error msg -> raise (Exception msg) in let* () = Repo.insert ~user in Lwt.return user ;; let create_admin ~email ~password ~username = let* user = Repo.get_by_email ~email in let* () = match user with | Some _ -> Logs.err (fun m -> m "USER: Can not create admin %s since the email is already taken" email); raise (Exception "Email already taken") | None -> Lwt.return () in let user = match User.create ~email ~password ~username ~admin:true ~confirmed:true with | Ok user -> user | Error msg -> Logs.err (fun m -> m "USER: Can not create admin %s %s" email msg); raise (Exception msg) in let* () = Repo.insert ~user in Lwt.return user ;; let register_user ?(password_policy = User.default_password_policy) ?username ~email ~password ~password_confirmation () = match User.validate_new_password ~password ~password_confirmation ~password_policy with | Error msg -> Lwt_result.fail @@ Model.Error.InvalidPasswordProvided msg | Ok () -> let* user = find_by_email_opt ~email in (match user with | None -> create_user ~username ~email ~password |> Lwt.map Result.ok | Some _ -> Lwt_result.fail Model.Error.AlreadyRegistered) ;; let login ~email ~password = let* user = find_by_email_opt ~email in match user with | None -> Lwt_result.fail Model.Error.DoesNotExist | Some user -> if User.matches_password password user then Lwt_result.return user else Lwt_result.fail Model.Error.IncorrectPassword ;; let create_admin_cmd = Core.Command.make ~name:"createadmin" ~help:"<username> <email> <password>" ~description:"Create an admin user" (fun args -> match args with | [ username; email; password ] -> create_admin ~email ~password ~username:(Some username) |> Lwt.map ignore | _ -> raise (Core.Command.Exception "Usage: <username> <email> <password>")) ;; let start () = Lwt.return () let stop () = Lwt.return () let lifecycle = Core.Container.Lifecycle.create "user" ~dependencies:Repo.lifecycles ~start ~stop ;; let register () = Repo.register_migration (); Repo.register_cleaner (); Core.Container.Service.create ~commands:[ create_admin_cmd ] lifecycle ;; end