feat: implement password reset functionality and global search feature
- Added forgot password and reset password APIs in the LMS service. - Created database migrations for password reset tokens and xAPI statements. - Implemented global search functionality with indexing for courses, lessons, discussions, and announcements. - Developed frontend pages for forgot password and reset password. - Introduced SCORM player component to handle xAPI statements tracking.
This commit is contained in:
@@ -0,0 +1,406 @@
|
||||
use axum::{Json, extract::State, http::StatusCode};
|
||||
use bcrypt::{DEFAULT_COST, hash};
|
||||
use lettre::message::Mailbox;
|
||||
use lettre::transport::smtp::authentication::Credentials;
|
||||
use lettre::{AsyncSmtpTransport, AsyncTransport, Message, Tokio1Executor};
|
||||
use rand::distributions::Alphanumeric;
|
||||
use rand::{Rng, thread_rng};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sqlx::PgPool;
|
||||
use std::env;
|
||||
use uuid::Uuid;
|
||||
|
||||
// ─── Helpers SMTP compartidos ─────────────────────────────────────────────────
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct SmtpConfig {
|
||||
pub enabled: bool,
|
||||
pub host: String,
|
||||
pub from: String,
|
||||
pub port: u16,
|
||||
pub starttls: bool,
|
||||
pub username: Option<String>,
|
||||
pub password: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, sqlx::FromRow)]
|
||||
struct OrgEmailServiceRow {
|
||||
service_type: String,
|
||||
smtp_enabled: bool,
|
||||
smtp_host: Option<String>,
|
||||
smtp_port: i32,
|
||||
smtp_from: Option<String>,
|
||||
smtp_username: Option<String>,
|
||||
smtp_password: Option<String>,
|
||||
smtp_starttls: bool,
|
||||
}
|
||||
|
||||
pub async fn load_smtp_config(pool: &PgPool, organization_id: Uuid) -> Option<SmtpConfig> {
|
||||
// Intentar cargar config desde la BD
|
||||
let row = sqlx::query_as::<_, OrgEmailServiceRow>(
|
||||
r#"
|
||||
SELECT service_type, smtp_enabled, smtp_host, smtp_port, smtp_from,
|
||||
smtp_username, smtp_password, smtp_starttls
|
||||
FROM organization_email_services
|
||||
WHERE organization_id = $1
|
||||
ORDER BY is_default DESC, created_at ASC
|
||||
LIMIT 1
|
||||
"#,
|
||||
)
|
||||
.bind(organization_id)
|
||||
.fetch_optional(pool)
|
||||
.await
|
||||
.ok()
|
||||
.flatten();
|
||||
|
||||
if let Some(row) = row {
|
||||
if row.service_type.trim().to_lowercase() == "smtp" {
|
||||
let host = row.smtp_host.unwrap_or_default().trim().to_string();
|
||||
if !host.is_empty() {
|
||||
return Some(SmtpConfig {
|
||||
enabled: row.smtp_enabled,
|
||||
host,
|
||||
from: row.smtp_from.unwrap_or_else(|| "OpenCCB <no-reply@openccb.local>".to_string()),
|
||||
port: u16::try_from(row.smtp_port).unwrap_or(587),
|
||||
starttls: row.smtp_starttls,
|
||||
username: row.smtp_username.filter(|v| !v.trim().is_empty()),
|
||||
password: row.smtp_password.filter(|v| !v.trim().is_empty()),
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Fallback a variables de entorno
|
||||
let host = env::var("SMTP_HOST").ok().filter(|v| !v.trim().is_empty())?;
|
||||
let enabled = env::var("SMTP_ENABLED")
|
||||
.map(|v| matches!(v.trim().to_lowercase().as_str(), "1" | "true" | "yes"))
|
||||
.unwrap_or(false);
|
||||
let from = env::var("SMTP_FROM")
|
||||
.unwrap_or_else(|_| "OpenCCB <no-reply@openccb.local>".to_string());
|
||||
let port = env::var("SMTP_PORT")
|
||||
.ok()
|
||||
.and_then(|v| v.parse::<u16>().ok())
|
||||
.unwrap_or(587);
|
||||
let starttls = env::var("SMTP_STARTTLS")
|
||||
.map(|v| matches!(v.trim().to_lowercase().as_str(), "1" | "true" | "yes"))
|
||||
.unwrap_or(false);
|
||||
|
||||
Some(SmtpConfig {
|
||||
enabled,
|
||||
host,
|
||||
from,
|
||||
port,
|
||||
starttls,
|
||||
username: env::var("SMTP_USERNAME").ok().filter(|v| !v.trim().is_empty()),
|
||||
password: env::var("SMTP_PASSWORD").ok().filter(|v| !v.trim().is_empty()),
|
||||
})
|
||||
}
|
||||
|
||||
pub fn build_mailer(config: &SmtpConfig) -> Result<AsyncSmtpTransport<Tokio1Executor>, String> {
|
||||
let mut builder = if config.starttls {
|
||||
AsyncSmtpTransport::<Tokio1Executor>::relay(&config.host)
|
||||
.map_err(|e| format!("SMTP relay error: {}", e))?
|
||||
.port(config.port)
|
||||
} else {
|
||||
AsyncSmtpTransport::<Tokio1Executor>::builder_dangerous(&config.host).port(config.port)
|
||||
};
|
||||
|
||||
if let (Some(user), Some(pass)) = (&config.username, &config.password) {
|
||||
builder = builder.credentials(Credentials::new(user.trim().to_string(), pass.trim().to_string()));
|
||||
}
|
||||
|
||||
Ok(builder.build())
|
||||
}
|
||||
|
||||
pub async fn send_email(
|
||||
config: &SmtpConfig,
|
||||
to_email: &str,
|
||||
to_name: &str,
|
||||
subject: &str,
|
||||
body_html: &str,
|
||||
) -> Result<(), String> {
|
||||
if !config.enabled {
|
||||
tracing::debug!("SMTP deshabilitado — email no enviado a {}", to_email);
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
let from: Mailbox = config
|
||||
.from
|
||||
.parse()
|
||||
.map_err(|e| format!("From inválido: {}", e))?;
|
||||
|
||||
let to_str = if to_name.is_empty() {
|
||||
to_email.to_string()
|
||||
} else {
|
||||
format!("{} <{}>", to_name, to_email)
|
||||
};
|
||||
let to: Mailbox = to_str.parse().map_err(|e| format!("To inválido: {}", e))?;
|
||||
|
||||
let email = Message::builder()
|
||||
.from(from)
|
||||
.to(to)
|
||||
.subject(subject)
|
||||
.header(lettre::message::header::ContentType::TEXT_HTML)
|
||||
.body(body_html.to_string())
|
||||
.map_err(|e| format!("Error construyendo email: {}", e))?;
|
||||
|
||||
let mailer = build_mailer(config)?;
|
||||
mailer.send(email).await.map_err(|e| format!("Error enviando email: {}", e))?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
// ─── Password Reset ────────────────────────────────────────────────────────────
|
||||
|
||||
#[derive(Deserialize)]
|
||||
pub struct ForgotPasswordPayload {
|
||||
pub email: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
pub struct ResetPasswordPayload {
|
||||
pub token: String,
|
||||
pub new_password: String,
|
||||
}
|
||||
|
||||
#[derive(Serialize)]
|
||||
pub struct MessageResponse {
|
||||
pub message: String,
|
||||
}
|
||||
|
||||
#[derive(sqlx::FromRow)]
|
||||
struct UserForReset {
|
||||
id: Uuid,
|
||||
email: String,
|
||||
full_name: Option<String>,
|
||||
organization_id: Uuid,
|
||||
}
|
||||
|
||||
pub async fn forgot_password(
|
||||
State(pool): State<PgPool>,
|
||||
Json(payload): Json<ForgotPasswordPayload>,
|
||||
) -> Result<Json<MessageResponse>, (StatusCode, String)> {
|
||||
let email = payload.email.trim().to_lowercase();
|
||||
|
||||
// Buscar usuario (respuesta genérica para no revelar si existe)
|
||||
let user = sqlx::query_as::<_, UserForReset>(
|
||||
"SELECT id, email, full_name, organization_id FROM users WHERE LOWER(email) = $1",
|
||||
)
|
||||
.bind(&email)
|
||||
.fetch_optional(&pool)
|
||||
.await
|
||||
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
|
||||
|
||||
let Some(user) = user else {
|
||||
// Respuesta genérica — no revelar si el email existe
|
||||
return Ok(Json(MessageResponse {
|
||||
message: "Si el correo existe, recibirás un enlace para restablecer tu contraseña."
|
||||
.to_string(),
|
||||
}));
|
||||
};
|
||||
|
||||
// Generar token seguro de 48 caracteres
|
||||
let token: String = thread_rng()
|
||||
.sample_iter(&Alphanumeric)
|
||||
.take(48)
|
||||
.map(char::from)
|
||||
.collect();
|
||||
|
||||
// Invalidar tokens anteriores del mismo usuario
|
||||
sqlx::query("UPDATE password_reset_tokens SET used_at = NOW() WHERE user_id = $1 AND used_at IS NULL")
|
||||
.bind(user.id)
|
||||
.execute(&pool)
|
||||
.await
|
||||
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
|
||||
|
||||
// Insertar nuevo token (expira en 1 hora)
|
||||
sqlx::query(
|
||||
"INSERT INTO password_reset_tokens (user_id, token, expires_at) VALUES ($1, $2, NOW() + INTERVAL '1 hour')",
|
||||
)
|
||||
.bind(user.id)
|
||||
.bind(&token)
|
||||
.execute(&pool)
|
||||
.await
|
||||
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
|
||||
|
||||
// Intentar enviar email (fire-and-forget en caso de error SMTP)
|
||||
let base_url = env::var("EXPERIENCE_URL").unwrap_or_else(|_| "https://openccb.local".to_string());
|
||||
let reset_url = format!("{}/reset-password?token={}", base_url, token);
|
||||
let full_name = user.full_name.as_deref().unwrap_or("Estudiante");
|
||||
|
||||
let body = format!(
|
||||
r#"<!DOCTYPE html>
|
||||
<html>
|
||||
<head><meta charset="utf-8"></head>
|
||||
<body style="font-family:Arial,sans-serif;max-width:600px;margin:0 auto;padding:20px">
|
||||
<h2>Restablecer contraseña</h2>
|
||||
<p>Hola {full_name},</p>
|
||||
<p>Recibimos una solicitud para restablecer la contraseña de tu cuenta.</p>
|
||||
<p style="text-align:center;margin:30px 0">
|
||||
<a href="{reset_url}"
|
||||
style="background:#4f46e5;color:#fff;padding:12px 24px;text-decoration:none;border-radius:6px;display:inline-block">
|
||||
Restablecer contraseña
|
||||
</a>
|
||||
</p>
|
||||
<p>Este enlace expira en <strong>1 hora</strong>.</p>
|
||||
<p>Si no solicitaste esto, ignora este mensaje.</p>
|
||||
<hr style="border:none;border-top:1px solid #eee;margin:30px 0">
|
||||
<p style="color:#888;font-size:12px">OpenCCB — Plataforma de Aprendizaje</p>
|
||||
</body>
|
||||
</html>"#,
|
||||
full_name = full_name,
|
||||
reset_url = reset_url
|
||||
);
|
||||
|
||||
if let Some(smtp) = load_smtp_config(&pool, user.organization_id).await {
|
||||
if let Err(e) = send_email(&smtp, &user.email, full_name, "Restablecer contraseña", &body).await {
|
||||
tracing::warn!("No se pudo enviar email de reset a {}: {}", user.email, e);
|
||||
}
|
||||
}
|
||||
|
||||
Ok(Json(MessageResponse {
|
||||
message: "Si el correo existe, recibirás un enlace para restablecer tu contraseña.".to_string(),
|
||||
}))
|
||||
}
|
||||
|
||||
pub async fn reset_password(
|
||||
State(pool): State<PgPool>,
|
||||
Json(payload): Json<ResetPasswordPayload>,
|
||||
) -> Result<Json<MessageResponse>, (StatusCode, String)> {
|
||||
let token = payload.token.trim().to_string();
|
||||
|
||||
if token.is_empty() || payload.new_password.len() < 8 {
|
||||
return Err((
|
||||
StatusCode::BAD_REQUEST,
|
||||
"Token o contraseña inválidos (mínimo 8 caracteres)".to_string(),
|
||||
));
|
||||
}
|
||||
|
||||
// Buscar token válido
|
||||
let row = sqlx::query_as::<_, (Uuid,)>(
|
||||
r#"SELECT user_id FROM password_reset_tokens
|
||||
WHERE token = $1 AND used_at IS NULL AND expires_at > NOW()"#,
|
||||
)
|
||||
.bind(&token)
|
||||
.fetch_optional(&pool)
|
||||
.await
|
||||
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
|
||||
|
||||
let Some((user_id,)) = row else {
|
||||
return Err((
|
||||
StatusCode::BAD_REQUEST,
|
||||
"Token inválido o expirado".to_string(),
|
||||
));
|
||||
};
|
||||
|
||||
// Hashear nueva contraseña
|
||||
let password_hash = hash(&payload.new_password, DEFAULT_COST).map_err(|_| {
|
||||
(StatusCode::INTERNAL_SERVER_ERROR, "Error al procesar contraseña".to_string())
|
||||
})?;
|
||||
|
||||
// Actualizar contraseña
|
||||
sqlx::query("UPDATE users SET password_hash = $1, updated_at = NOW() WHERE id = $2")
|
||||
.bind(&password_hash)
|
||||
.bind(user_id)
|
||||
.execute(&pool)
|
||||
.await
|
||||
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
|
||||
|
||||
// Marcar token como usado
|
||||
sqlx::query("UPDATE password_reset_tokens SET used_at = NOW() WHERE token = $1")
|
||||
.bind(&token)
|
||||
.execute(&pool)
|
||||
.await
|
||||
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
|
||||
|
||||
Ok(Json(MessageResponse {
|
||||
message: "Contraseña actualizada correctamente. Ya puedes iniciar sesión.".to_string(),
|
||||
}))
|
||||
}
|
||||
|
||||
// ─── Emails transaccionales ────────────────────────────────────────────────────
|
||||
|
||||
/// Envía email de bienvenida al inscribirse en un curso.
|
||||
/// Fire-and-forget (los errores se loguean, no bloquean la respuesta).
|
||||
pub async fn send_enrollment_email(
|
||||
pool: &PgPool,
|
||||
organization_id: Uuid,
|
||||
user_email: &str,
|
||||
user_name: &str,
|
||||
course_title: &str,
|
||||
) {
|
||||
let Some(smtp) = load_smtp_config(pool, organization_id).await else {
|
||||
return;
|
||||
};
|
||||
|
||||
let base_url = env::var("EXPERIENCE_URL").unwrap_or_else(|_| "https://openccb.local".to_string());
|
||||
let body = format!(
|
||||
r#"<!DOCTYPE html>
|
||||
<html>
|
||||
<head><meta charset="utf-8"></head>
|
||||
<body style="font-family:Arial,sans-serif;max-width:600px;margin:0 auto;padding:20px">
|
||||
<h2>¡Te has inscrito exitosamente!</h2>
|
||||
<p>Hola {user_name},</p>
|
||||
<p>Tu inscripción en <strong>{course_title}</strong> ha sido confirmada.</p>
|
||||
<p style="text-align:center;margin:30px 0">
|
||||
<a href="{base_url}/courses"
|
||||
style="background:#4f46e5;color:#fff;padding:12px 24px;text-decoration:none;border-radius:6px;display:inline-block">
|
||||
Ir a mis cursos
|
||||
</a>
|
||||
</p>
|
||||
<p>¡Mucho éxito en tu aprendizaje!</p>
|
||||
<hr style="border:none;border-top:1px solid #eee;margin:30px 0">
|
||||
<p style="color:#888;font-size:12px">OpenCCB — Plataforma de Aprendizaje</p>
|
||||
</body>
|
||||
</html>"#,
|
||||
user_name = user_name,
|
||||
course_title = course_title,
|
||||
base_url = base_url
|
||||
);
|
||||
|
||||
if let Err(e) = send_email(&smtp, user_email, user_name, &format!("Inscripción confirmada: {}", course_title), &body).await {
|
||||
tracing::warn!("Email de inscripción no enviado a {}: {}", user_email, e);
|
||||
}
|
||||
}
|
||||
|
||||
/// Envía email de felicitación al completar un curso.
|
||||
pub async fn send_completion_email(
|
||||
pool: &PgPool,
|
||||
organization_id: Uuid,
|
||||
user_email: &str,
|
||||
user_name: &str,
|
||||
course_title: &str,
|
||||
) {
|
||||
let Some(smtp) = load_smtp_config(pool, organization_id).await else {
|
||||
return;
|
||||
};
|
||||
|
||||
let base_url = env::var("EXPERIENCE_URL").unwrap_or_else(|_| "https://openccb.local".to_string());
|
||||
let body = format!(
|
||||
r#"<!DOCTYPE html>
|
||||
<html>
|
||||
<head><meta charset="utf-8"></head>
|
||||
<body style="font-family:Arial,sans-serif;max-width:600px;margin:0 auto;padding:20px">
|
||||
<h2>🎉 ¡Felicitaciones, completaste el curso!</h2>
|
||||
<p>Hola {user_name},</p>
|
||||
<p>Has completado exitosamente <strong>{course_title}</strong>.</p>
|
||||
<p>Puedes descargar tu certificado desde la plataforma.</p>
|
||||
<p style="text-align:center;margin:30px 0">
|
||||
<a href="{base_url}/courses"
|
||||
style="background:#16a34a;color:#fff;padding:12px 24px;text-decoration:none;border-radius:6px;display:inline-block">
|
||||
Ver mis certificados
|
||||
</a>
|
||||
</p>
|
||||
<p>Sigue aprendiendo — ¡el conocimiento no tiene límites!</p>
|
||||
<hr style="border:none;border-top:1px solid #eee;margin:30px 0">
|
||||
<p style="color:#888;font-size:12px">OpenCCB — Plataforma de Aprendizaje</p>
|
||||
</body>
|
||||
</html>"#,
|
||||
user_name = user_name,
|
||||
course_title = course_title,
|
||||
base_url = base_url
|
||||
);
|
||||
|
||||
if let Err(e) = send_email(&smtp, user_email, user_name, &format!("¡Completaste: {}!", course_title), &body).await {
|
||||
tracing::warn!("Email de completitud no enviado a {}: {}", user_email, e);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user