Implement login cookie, its verification, and logout
At first i thought that i would need to implement sessions, the ones
that keep small files onto the disk, to know which user is talking to
the server, but then i realized that, for now at least, i only need a
very large number, plus the email address, to be used as a lookup, and
that can be stored in the user table, in a separate schema.
Had to change login to avoid raising exceptions when login failed
because i now keep a record of login attemps, and functions are always
run in a single transaction, thus the exception would prevent me to
insert into login_attempt. Even if i use a separate procedure, i could
not keep the records.
I did not want to add a parameter to the logout function because i was
afraid that it could be called from separate users. I do not know
whether it is possible with the current approach, since the settings
variable is also set by the same applications; time will tell.
2023-01-17 19:48:50 +00:00
|
|
|
-- Deploy numerus:logout to pg
|
|
|
|
-- requires: schema_auth
|
|
|
|
-- requires: user
|
2023-01-23 00:18:05 +00:00
|
|
|
-- requires: current_app_user
|
Implement login cookie, its verification, and logout
At first i thought that i would need to implement sessions, the ones
that keep small files onto the disk, to know which user is talking to
the server, but then i realized that, for now at least, i only need a
very large number, plus the email address, to be used as a lookup, and
that can be stored in the user table, in a separate schema.
Had to change login to avoid raising exceptions when login failed
because i now keep a record of login attemps, and functions are always
run in a single transaction, thus the exception would prevent me to
insert into login_attempt. Even if i use a separate procedure, i could
not keep the records.
I did not want to add a parameter to the logout function because i was
afraid that it could be called from separate users. I do not know
whether it is possible with the current approach, since the settings
variable is also set by the same applications; time will tell.
2023-01-17 19:48:50 +00:00
|
|
|
|
|
|
|
begin;
|
|
|
|
|
|
|
|
set search_path to numerus, auth, public;
|
|
|
|
|
|
|
|
create or replace function logout() returns void as
|
|
|
|
$$
|
|
|
|
update "user"
|
|
|
|
set cookie = default
|
|
|
|
, cookie_expires_at = default
|
2023-01-23 00:18:05 +00:00
|
|
|
where cookie = current_app_user()
|
|
|
|
and cookie_expires_at > current_timestamp
|
|
|
|
and length(cookie) > 30
|
Implement login cookie, its verification, and logout
At first i thought that i would need to implement sessions, the ones
that keep small files onto the disk, to know which user is talking to
the server, but then i realized that, for now at least, i only need a
very large number, plus the email address, to be used as a lookup, and
that can be stored in the user table, in a separate schema.
Had to change login to avoid raising exceptions when login failed
because i now keep a record of login attemps, and functions are always
run in a single transaction, thus the exception would prevent me to
insert into login_attempt. Even if i use a separate procedure, i could
not keep the records.
I did not want to add a parameter to the logout function because i was
afraid that it could be called from separate users. I do not know
whether it is possible with the current approach, since the settings
variable is also set by the same applications; time will tell.
2023-01-17 19:48:50 +00:00
|
|
|
$$
|
|
|
|
language sql
|
|
|
|
security definer
|
|
|
|
set search_path to auth, numerus, pg_temp;
|
|
|
|
|
|
|
|
comment on function logout() is
|
|
|
|
'Removes the cookie and its expiry data from the current user, set as request.user setting';
|
|
|
|
|
|
|
|
revoke execute on function logout() from public;
|
|
|
|
grant execute on function logout() to invoicer;
|
|
|
|
grant execute on function logout() to admin;
|
|
|
|
|
|
|
|
commit;
|