Implement login cookie, its verification, and logout
At first i thought that i would need to implement sessions, the ones
that keep small files onto the disk, to know which user is talking to
the server, but then i realized that, for now at least, i only need a
very large number, plus the email address, to be used as a lookup, and
that can be stored in the user table, in a separate schema.
Had to change login to avoid raising exceptions when login failed
because i now keep a record of login attemps, and functions are always
run in a single transaction, thus the exception would prevent me to
insert into login_attempt. Even if i use a separate procedure, i could
not keep the records.
I did not want to add a parameter to the logout function because i was
afraid that it could be called from separate users. I do not know
whether it is possible with the current approach, since the settings
variable is also set by the same applications; time will tell.
2023-01-17 19:48:50 +00:00
|
|
|
-- Test check_cookie
|
|
|
|
set client_min_messages to warning;
|
|
|
|
create extension if not exists pgtap;
|
|
|
|
reset client_min_messages;
|
|
|
|
|
|
|
|
begin;
|
|
|
|
|
|
|
|
select plan(15);
|
|
|
|
|
|
|
|
set search_path to auth, numerus, public;
|
|
|
|
|
2023-01-18 13:12:59 +00:00
|
|
|
select has_function('public', 'check_cookie', array ['text']);
|
|
|
|
select function_lang_is('public', 'check_cookie', array ['text'], 'plpgsql');
|
|
|
|
select function_returns('public', 'check_cookie', array ['text'], 'record');
|
|
|
|
select is_definer('public', 'check_cookie', array ['text']);
|
|
|
|
select volatility_is('public', 'check_cookie', array ['text'], 'stable');
|
|
|
|
select function_privs_are('public', 'check_cookie', array ['text'], 'guest', array []::text[]);
|
|
|
|
select function_privs_are('public', 'check_cookie', array ['text'], 'invoicer', array []::text[]);
|
|
|
|
select function_privs_are('public', 'check_cookie', array ['text'], 'admin', array []::text[]);
|
|
|
|
select function_privs_are('public', 'check_cookie', array ['text'], 'authenticator', array ['EXECUTE']);
|
Implement login cookie, its verification, and logout
At first i thought that i would need to implement sessions, the ones
that keep small files onto the disk, to know which user is talking to
the server, but then i realized that, for now at least, i only need a
very large number, plus the email address, to be used as a lookup, and
that can be stored in the user table, in a separate schema.
Had to change login to avoid raising exceptions when login failed
because i now keep a record of login attemps, and functions are always
run in a single transaction, thus the exception would prevent me to
insert into login_attempt. Even if i use a separate procedure, i could
not keep the records.
I did not want to add a parameter to the logout function because i was
afraid that it could be called from separate users. I do not know
whether it is possible with the current approach, since the settings
variable is also set by the same applications; time will tell.
2023-01-17 19:48:50 +00:00
|
|
|
|
|
|
|
set client_min_messages to warning;
|
|
|
|
truncate auth."user" cascade;
|
|
|
|
reset client_min_messages;
|
|
|
|
|
|
|
|
insert into auth."user" (email, name, password, role, cookie, cookie_expires_at)
|
|
|
|
values ('demo@tandem.blog', 'Demo', 'test', 'invoicer', '44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e', current_timestamp + interval '1 month')
|
|
|
|
, ('admin@tandem.blog', 'Demo', 'test', 'admin', '12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524', current_timestamp + interval '1 month')
|
|
|
|
;
|
|
|
|
|
|
|
|
select results_eq (
|
|
|
|
$$ select * from check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog') as (e text, r name) $$,
|
|
|
|
$$ values ('demo@tandem.blog', 'invoicer'::name) $$,
|
|
|
|
'Should validate the cookie for the first user'
|
|
|
|
);
|
|
|
|
|
|
|
|
select results_eq (
|
|
|
|
$$ select * from check_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog') as (e text, r name) $$,
|
|
|
|
$$ values ('admin@tandem.blog', 'admin'::name) $$,
|
|
|
|
'Should validate the cookie for the second user'
|
|
|
|
);
|
|
|
|
|
|
|
|
select results_eq (
|
|
|
|
$$ select * from check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/admin@tandem.blog') as (e text, r name) $$,
|
|
|
|
$$ values ('', 'guest'::name) $$,
|
|
|
|
'Should only match with the correct email'
|
|
|
|
);
|
|
|
|
|
|
|
|
select results_eq (
|
|
|
|
$$ select * from check_cookie('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/admin@tandem.blog') as (e text, r name) $$,
|
|
|
|
$$ values ('', 'guest'::name) $$,
|
|
|
|
'Should only match with the correct cookie value'
|
|
|
|
);
|
|
|
|
|
|
|
|
update "user" set cookie_expires_at = current_timestamp - interval '1 minute';
|
|
|
|
|
|
|
|
select results_eq (
|
|
|
|
$$ select * from check_cookie('44facbb30d8a419dfd4bfbc44a4b5539d4970148dfc84bed0e/demo@tandem.blog') as (e text, r name) $$,
|
|
|
|
$$ values ('', 'guest'::name) $$,
|
|
|
|
'Should not allow expired cookies'
|
|
|
|
);
|
|
|
|
|
|
|
|
select results_eq (
|
|
|
|
$$ select * from check_cookie('12af4c88b528c2ad4222e3740496ecbc58e76e26f087657524/admin@tandem.blog') as (e text, r name) $$,
|
|
|
|
$$ values ('', 'guest'::name) $$,
|
|
|
|
'Should not allow expired cookied for the other user as well'
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
select *
|
|
|
|
from finish();
|
|
|
|
|
|
|
|
rollback;
|