numerus/deploy/logout.sql

-- Deploy numerus:logout to pg
-- requires: schema_auth
-- requires: user
-- requires: current_user_cookie
-- requires: current_user_email

begin;

set search_path to numerus, auth, public;

create or replace function logout() returns void as
$$
update "user"
set cookie = default
  , cookie_expires_at = default
where email = current_user_email()
  and cookie = current_user_cookie()
  and cookie_expires_at > current_timestamp
  and length(cookie) > 30
$$
language sql
security definer
set search_path to auth, numerus, pg_temp;

comment on function logout() is
'Removes the cookie and its expiry data from the current user, as returned by current_user_email and current_user_cookie';

revoke execute on function logout() from public;
grant execute on function logout() to invoicer;
grant execute on function logout() to admin;

commit;
Implement login cookie, its verification, and logout At first i thought that i would need to implement sessions, the ones that keep small files onto the disk, to know which user is talking to the server, but then i realized that, for now at least, i only need a very large number, plus the email address, to be used as a lookup, and that can be stored in the user table, in a separate schema. Had to change login to avoid raising exceptions when login failed because i now keep a record of login attemps, and functions are always run in a single transaction, thus the exception would prevent me to insert into login_attempt. Even if i use a separate procedure, i could not keep the records. I did not want to add a parameter to the logout function because i was afraid that it could be called from separate users. I do not know whether it is possible with the current approach, since the settings variable is also set by the same applications; time will tell. 2023-01-17 19:48:50 +00:00			`-- Deploy numerus:logout to pg`
			`-- requires: schema_auth`
			`-- requires: user`
Use user’ß email for auth funcs and return cookie on email change This is for security, just in case two users have the same cookie, althought it is unlikely, but nevertheless less guessable. I also need to refresh the cookie when the user changes their email address, because it is liked toghether. It does mean that it will logout from everywhere else, but i can not do anything about that. 2023-01-23 20:18:55 +00:00			`-- requires: current_user_cookie`
			`-- requires: current_user_email`
Implement login cookie, its verification, and logout At first i thought that i would need to implement sessions, the ones that keep small files onto the disk, to know which user is talking to the server, but then i realized that, for now at least, i only need a very large number, plus the email address, to be used as a lookup, and that can be stored in the user table, in a separate schema. Had to change login to avoid raising exceptions when login failed because i now keep a record of login attemps, and functions are always run in a single transaction, thus the exception would prevent me to insert into login_attempt. Even if i use a separate procedure, i could not keep the records. I did not want to add a parameter to the logout function because i was afraid that it could be called from separate users. I do not know whether it is possible with the current approach, since the settings variable is also set by the same applications; time will tell. 2023-01-17 19:48:50 +00:00
			`begin;`

			`set search_path to numerus, auth, public;`

			`create or replace function logout() returns void as`
			`$$`
			`update "user"`
			`set cookie = default`
			`, cookie_expires_at = default`
Use user’ß email for auth funcs and return cookie on email change This is for security, just in case two users have the same cookie, althought it is unlikely, but nevertheless less guessable. I also need to refresh the cookie when the user changes their email address, because it is liked toghether. It does mean that it will logout from everywhere else, but i can not do anything about that. 2023-01-23 20:18:55 +00:00			`where email = current_user_email()`
			`and cookie = current_user_cookie()`
Use current_app_user to logout Do not want people being able to logout other users just by setting a number in a setting. 2023-01-23 00:18:05 +00:00			`and cookie_expires_at > current_timestamp`
			`and length(cookie) > 30`
Implement login cookie, its verification, and logout At first i thought that i would need to implement sessions, the ones that keep small files onto the disk, to know which user is talking to the server, but then i realized that, for now at least, i only need a very large number, plus the email address, to be used as a lookup, and that can be stored in the user table, in a separate schema. Had to change login to avoid raising exceptions when login failed because i now keep a record of login attemps, and functions are always run in a single transaction, thus the exception would prevent me to insert into login_attempt. Even if i use a separate procedure, i could not keep the records. I did not want to add a parameter to the logout function because i was afraid that it could be called from separate users. I do not know whether it is possible with the current approach, since the settings variable is also set by the same applications; time will tell. 2023-01-17 19:48:50 +00:00			`$$`
			`language sql`
			`security definer`
			`set search_path to auth, numerus, pg_temp;`

			`comment on function logout() is`
Use user’ß email for auth funcs and return cookie on email change This is for security, just in case two users have the same cookie, althought it is unlikely, but nevertheless less guessable. I also need to refresh the cookie when the user changes their email address, because it is liked toghether. It does mean that it will logout from everywhere else, but i can not do anything about that. 2023-01-23 20:18:55 +00:00			`'Removes the cookie and its expiry data from the current user, as returned by current_user_email and current_user_cookie';`
Implement login cookie, its verification, and logout At first i thought that i would need to implement sessions, the ones that keep small files onto the disk, to know which user is talking to the server, but then i realized that, for now at least, i only need a very large number, plus the email address, to be used as a lookup, and that can be stored in the user table, in a separate schema. Had to change login to avoid raising exceptions when login failed because i now keep a record of login attemps, and functions are always run in a single transaction, thus the exception would prevent me to insert into login_attempt. Even if i use a separate procedure, i could not keep the records. I did not want to add a parameter to the logout function because i was afraid that it could be called from separate users. I do not know whether it is possible with the current approach, since the settings variable is also set by the same applications; time will tell. 2023-01-17 19:48:50 +00:00
			`revoke execute on function logout() from public;`
			`grant execute on function logout() to invoicer;`
			`grant execute on function logout() to admin;`

			`commit;`