“Merge” find_user_role and login
I honestly do not remember why I thought I needed the find_user_role function: it is just a select with a query that I only need in a single place—at login. I believe it was a misguided attempt to “write the function safer”, in hopes that calling a function won’t have the same problems as when querying a table, but this is fixed with the search_path that I added. There is no pgTAP test for this, I believe.
This commit is contained in:
parent
8fd22672c7
commit
97ac586a3b
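--- a/[path not on page: deploy script for find_user_role]
+++ /dev/null
@@ -1,26 +0,0 @@
--- Deploy numerus:find_user_role to pg
--- requires: schema_auth
--- requires: user
--- requires: email
-
-begin;
-
-set search_path to auth, numerus, public;
-
-create or replace function find_user_role(email email, password text) returns name
-as
-$$
-select role
-from auth."user"
-where "user".email = find_user_role.email
-and "user".password = crypt(find_user_role.password, "user".password);
-$$
-language sql
-stable;
-
-comment on function find_user_role(email, text) is
-'Return the database role assigned to the user with the given email and password';
-
-revoke execute on function find_user_role(email, text) from public;
-
-commit;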
@ -1,9 +1,9 @@
|
||||||
-- Deploy numerus:login to pg
|
-- Deploy numerus:login to pg
|
||||||
-- requires: roles
|
-- requires: roles
|
||||||
-- requires: schema_numerus
|
-- requires: schema_numerus
|
||||||
|
-- requires: schema_auth
|
||||||
-- requires: email
|
-- requires: email
|
||||||
-- requires: user
|
-- requires: user
|
||||||
-- requires: find_user_role
|
|
||||||
|
|
||||||
begin;
|
begin;
|
||||||
|
|
||||||
|
@ -12,18 +12,25 @@ set search_path to numerus, auth;
|
||||||
create or replace function login(email email, password text) returns name as
|
create or replace function login(email email, password text) returns name as
|
||||||
$$
|
$$
|
||||||
declare
|
declare
|
||||||
role name;
|
user_role name;
|
||||||
begin
|
begin
|
||||||
select auth.find_user_role(email, password) into role;
|
select role
|
||||||
if role is null then
|
into user_role
|
||||||
|
from "user"
|
||||||
|
where "user".email = login.email
|
||||||
|
and "user".password = crypt(login.password, "user".password);
|
||||||
|
|
||||||
|
if user_role is null then
|
||||||
raise invalid_password using message = 'invalid user or password';
|
raise invalid_password using message = 'invalid user or password';
|
||||||
end if;
|
end if;
|
||||||
return role;
|
|
||||||
|
return user_role;
|
||||||
end;
|
end;
|
||||||
$$
|
$$
|
||||||
language plpgsql
|
language plpgsql
|
||||||
stable
|
stable
|
||||||
security definer;
|
security definer
|
||||||
|
set search_path = auth, numerus, pg_temp;
|
||||||
|
|
||||||
comment on function login(email, text) is
|
comment on function login(email, text) is
|
||||||
'Checks that the email and password pair is valid and returns the user’s databasse role.';
|
'Checks that the email and password pair is valid and returns the user’s databasse role.';
|
||||||
|
|
|
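Review bot: The new lookup in login only reaches `crypt()` for a row whose email matched, so a call with an unknown email returns without paying the hash cost while a call with a wrong password does, and the two failures can be told apart by response time even though both raise the same 'invalid user or password'. Fetching the stored hash first and always running `crypt()` against it, or against a constant dummy hash when no row exists, removes that difference; a sketch is below (it assumes "user".password is text, presumably written by the encrypt_password trigger listed in the plan — confirm the dummy hash uses the same hashing scheme, otherwise the cost is not comparable). The removed find_user_role deploy script revoked execute from public and its pgTAP test pinned three behaviours (correct password returns the role, wrong password and unknown email return NULL); this hunk does not show whether login carries the same revoke or whether those assertions now exist for login, so it is worth confirming before that test file goes. The login function body is fully inside the hunk; the deploy script continues outside it.
```sql
declare
    user_role name;
    stored_hash text;
begin
    select role, password
    into user_role, stored_hash
    from "user"
    where "user".email = login.email;

    -- Run crypt() on every call so an unknown email costs the same as a wrong password.
    -- The dummy value must be a hash of the same scheme as the stored ones.
    if crypt(login.password, coalesce(stored_hash, '<constant dummy hash, same scheme as stored hashes>')) is distinct from stored_hash then
        user_role := null;
    end if;
    -- … unchanged: raise invalid_password when user_role is null, return user_role …
```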
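--- a/[path not on page: revert script for find_user_role]
+++ /dev/null
@@ -1,7 +0,0 @@
--- Revert numerus:find_user_role from pg
-
-begin;
-
-drop function if exists auth.find_user_role(numerus.email, text);
-
-commit;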
@ -12,5 +12,4 @@ user [roles schema_auth email] 2023-01-12T23:44:03Z jordi fita i mas <jfita@info
|
||||||
ensure_role_exists [schema_auth user] 2023-01-12T23:57:59Z jordi fita i mas <jfita@infoblitz.com> # Add trigger to ensure the user’s role exists
|
ensure_role_exists [schema_auth user] 2023-01-12T23:57:59Z jordi fita i mas <jfita@infoblitz.com> # Add trigger to ensure the user’s role exists
|
||||||
extension_pgcrypto [schema_auth] 2023-01-13T00:11:50Z jordi fita i mas <jfita@infoblitz.com> # Add pgcrypto extension
|
extension_pgcrypto [schema_auth] 2023-01-13T00:11:50Z jordi fita i mas <jfita@infoblitz.com> # Add pgcrypto extension
|
||||||
encrypt_password [schema_auth user extension_pgcrypto] 2023-01-13T00:14:30Z jordi fita i mas <jfita@infoblitz.com> # Add trigger to encrypt user’s password
|
encrypt_password [schema_auth user extension_pgcrypto] 2023-01-13T00:14:30Z jordi fita i mas <jfita@infoblitz.com> # Add trigger to encrypt user’s password
|
||||||
find_user_role [schema_auth user email] 2023-01-13T00:22:34Z jordi fita i mas <jfita@infoblitz.com> # Add function to find a user’s role given its email and password
|
login [roles schema_numerus schema_auth email user] 2023-01-13T00:32:32Z jordi fita i mas <jfita@infoblitz.com> # Add function to login
|
||||||
login [roles schema_numerus email user find_user_role] 2023-01-13T00:32:32Z jordi fita i mas <jfita@infoblitz.com> # Add function to login
|
|
||||||
|
|
|
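--- a/[path not on page: pgTAP test for find_user_role]
+++ /dev/null
@@ -1,51 +0,0 @@
--- Test find_user_role
-set client_min_messages to warning;
-create extension if not exists pgtap;
-reset client_min_messages;
-
-begin;
-
-select plan(12);
-
-set search_path to auth, numerus, public;
-
-select has_function('find_user_role');
-select function_lang_is('find_user_role', array ['email', 'text'], 'sql');
-select function_returns('find_user_role', array ['email', 'text'], 'name');
-select isnt_definer('find_user_role', array ['email', 'text']);
-select volatility_is('find_user_role', array ['email', 'text'], 'stable');
-select function_privs_are('find_user_role', array ['email', 'text'], 'guest', array []::text[]);
-select function_privs_are('find_user_role', array ['email', 'text'], 'invoicer', array []::text[]);
-select function_privs_are('find_user_role', array ['email', 'text'], 'admin', array []::text[]);
-select function_privs_are('find_user_role', array ['email', 'text'], 'authenticator', array []::text[]);
-
-set client_min_messages to warning;
-truncate "user" cascade;
-reset client_min_messages;
-
-insert into "user" (email, name, password, role)
-values ('info@tandem.blog', 'Perita', 'test', 'guest');
-
-select is(
-find_user_role('info@tandem.blog', 'test'),
-'guest'::name,
-'Should find the role with the correct email and password'
-);
-
-select is(
-find_user_role('info@tandem.blog', 'mah password'),
-NULL::name,
-'Should not find any role with an invalid password'
-);
-
-select is(
-find_user_role('nope@tandem.blog', 'test'),
-NULL::name,
-'Should not find any role with an invalid email'
-);
-
-
-select *
-from finish();
-
-rollback;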
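--- a/[path not on page: verify script for find_user_role]
+++ /dev/null
@@ -1,7 +0,0 @@
--- Verify numerus:find_user_role on pg
-
-begin;
-
-select has_function_privilege('auth.find_user_role(numerus.email, text)', 'execute');
-
-rollback;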