From 8fd22672c78a3030332afabaae3146f05bc62683 Mon Sep 17 00:00:00 2001
From: jordi fita mas
Date: Tue, 17 Jan 2023 13:12:18 +0100
Subject: [PATCH] Create pgcrypto extension into auth schema

Will only be used there, no need to be in public, and this way i can limit the search_path for security definer functions.
---
 deploy/extension_pgcrypto.sql | 4 ++--
 sqitch.plan | 2 +-
 test/login.sql | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deploy/extension_pgcrypto.sql b/deploy/extension_pgcrypto.sql
index 88a0e8c..d900649 100644
--- a/deploy/extension_pgcrypto.sql
+++ b/deploy/extension_pgcrypto.sql
@@ -1,8 +1,8 @@
 -- Deploy numerus:extension_pgcrypto to pg
--- requires: schema_public
+-- requires: schema_auth
 begin;
-create extension if not exists pgcrypto;
+create extension if not exists pgcrypto with schema auth;
 commit;
diff --git a/sqitch.plan b/sqitch.plan
index bda62f5..bb60fc6 100644
--- a/sqitch.plan
+++ b/sqitch.plan
@@ -10,7 +10,7 @@ extension_citext [schema_public] 2023-01-12T23:03:33Z jordi fita i mas # Add email domain
 user [roles schema_auth email] 2023-01-12T23:44:03Z jordi fita i mas # Create user table
 ensure_role_exists [schema_auth user] 2023-01-12T23:57:59Z jordi fita i mas # Add trigger to ensure the user’s role exists
-extension_pgcrypto [schema_public] 2023-01-13T00:11:50Z jordi fita i mas # Add pgcrypto extension
+extension_pgcrypto [schema_auth] 2023-01-13T00:11:50Z jordi fita i mas # Add pgcrypto extension
 encrypt_password [schema_auth user extension_pgcrypto] 2023-01-13T00:14:30Z jordi fita i mas # Add trigger to encrypt user’s password
 find_user_role [schema_auth user email] 2023-01-13T00:22:34Z jordi fita i mas # Add function to find a user’s role given its email and password
 login [roles schema_numerus email user find_user_role] 2023-01-13T00:32:32Z jordi fita i mas # Add function to login
diff --git a/test/login.sql b/test/login.sql
index 58998c2..7130ae1 100644
--- a/test/login.sql
+++ b/test/login.sql
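Review bot: In deploy/extension_pgcrypto.sql, `create extension if not exists pgcrypto with schema auth;` is a no-op on any database where the earlier version of this change already installed pgcrypto, so there its functions stay in `public` and a security definer function whose `search_path` is restricted to `auth` will not find them. The commit edits the existing `extension_pgcrypto` entry in sqitch.plan rather than adding a new change, so such databases need a rebase or a follow-up change along the lines of `alter extension pgcrypto set schema auth;`. I would also record the reason in the script, e.g. `-- installed in auth so security definer functions can restrict search_path to it`, and confirm that untrusted roles have no CREATE privilege on `auth`, which this hunk does not show.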
@@ -7,7 +7,7 @@ begin;
 select plan(12);
-set search_path to numerus, public;
+set search_path to numerus, auth, public;
 select has_function('login');
 select function_lang_is('login', array ['email', 'text'], 'plpgsql');
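Review bot: Putting `auth` on the session path with `set search_path to numerus, auth, public;` lets every unqualified name later in test/login.sql resolve through the caller's path, so the test would still pass if `login` or a function it calls did not pin its own `search_path`. The rest of the file lies outside this hunk, but if `auth` is needed only for a few direct calls, schema-qualifying those and keeping the old path would keep that failure visible. If `login` is meant to be security definer, an assertion such as `select is_definer('login');` (with the plan count raised to match) and a comment like `-- auth is on the path only for the fixtures below` would document the intent.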