From 42e63600a198281e45f69b86805cf4bb4145837c Mon Sep 17 00:00:00 2001
From: Per Stark <perstark.se@gmail.com>
Date: Fri, 21 Mar 2025 08:01:04 +0100
Subject: [PATCH] fix: move ownership into auth fn

---
 crates/common/src/storage/types/user.rs            | 8 ++++----
 crates/composite-retrieval/src/answer_retrieval.rs | 7 ++-----
 crates/html-router/src/routes/account.rs           | 2 +-
 crates/html-router/src/routes/signin.rs            | 2 +-
 4 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/crates/common/src/storage/types/user.rs b/crates/common/src/storage/types/user.rs
index d0539ec..39b91bb 100644
--- a/crates/common/src/storage/types/user.rs
+++ b/crates/common/src/storage/types/user.rs
@@ -122,8 +122,8 @@ impl User {
     }
 
     pub async fn authenticate(
-        email: String,
-        password: String,
+        email: &str,
+        password: &str,
         db: &SurrealDbClient,
     ) -> Result<Self, AppError> {
         let user: Option<User> = db
@@ -133,8 +133,8 @@ impl User {
                 WHERE email = $email 
                 AND crypto::argon2::compare(password, $password)",
             )
-            .bind(("email", email))
-            .bind(("password", password))
+            .bind(("email", email.to_owned()))
+            .bind(("password", password.to_owned()))
             .await?
             .take(0)?;
         user.ok_or(AppError::Auth("User failed to authenticate".into()))
diff --git a/crates/composite-retrieval/src/answer_retrieval.rs b/crates/composite-retrieval/src/answer_retrieval.rs
index d560ae3..5cf66ea 100644
--- a/crates/composite-retrieval/src/answer_retrieval.rs
+++ b/crates/composite-retrieval/src/answer_retrieval.rs
@@ -5,12 +5,7 @@ use async_openai::{
         CreateChatCompletionRequest, CreateChatCompletionRequestArgs, CreateChatCompletionResponse,
         ResponseFormat, ResponseFormatJsonSchema,
     },
-    MessageFiles,
 };
-use serde::Deserialize;
-use serde_json::{json, Value};
-use tracing::debug;
-
 use common::{
     error::AppError,
     storage::{
@@ -21,6 +16,8 @@ use common::{
         },
     },
 };
+use serde::Deserialize;
+use serde_json::{json, Value};
 
 use crate::retrieve_entities;
 
diff --git a/crates/html-router/src/routes/account.rs b/crates/html-router/src/routes/account.rs
index b77bc4e..4eda303 100644
--- a/crates/html-router/src/routes/account.rs
+++ b/crates/html-router/src/routes/account.rs
@@ -127,7 +127,7 @@ pub async fn change_password(
     Form(form): Form<NewPasswordForm>,
 ) -> Result<impl IntoResponse, HtmlError> {
     // Authenticate to make sure the password matches
-    let authenticated_user = User::authenticate(user.email, form.old_password, &state.db).await?;
+    let authenticated_user = User::authenticate(&user.email, &form.old_password, &state.db).await?;
 
     User::patch_password(&authenticated_user.email, &form.new_password, &state.db).await?;
 
diff --git a/crates/html-router/src/routes/signin.rs b/crates/html-router/src/routes/signin.rs
index b2eadec..8e4f7f4 100644
--- a/crates/html-router/src/routes/signin.rs
+++ b/crates/html-router/src/routes/signin.rs
@@ -42,7 +42,7 @@ pub async fn authenticate_user(
     auth: AuthSessionType,
     Form(form): Form<SignupParams>,
 ) -> Result<impl IntoResponse, HtmlError> {
-    let user = match User::authenticate(form.email, form.password, &state.db).await {
+    let user = match User::authenticate(&form.email, &form.password, &state.db).await {
         Ok(user) => user,
         Err(_) => {
             return Ok(Html("<p>Incorrect email or password </p>").into_response());