NotificationsYou must be signed in to change notification settings
Fork926
Star10.1k

Commit4369f2b

authored

feat: implement api for "forgot password?" flow (#14915)

Relates to#14232This implements two endpoints (names subject to change):- `/api/v2/users/otp/request`- `/api/v2/users/otp/change-password`

1 parent8785a51 commit4369f2bCopy full SHA for 4369f2b

File tree

25 files changed

+1007

-4

lines changed

coderd
- apidoc
  - docs.go
  - swagger.json
- coderd.go
- coderdtest
  - coderdtest.go
  - swaggerparser.go
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - migrations
    - 000261_notifications_forgot_password.down.sql
    - 000261_notifications_forgot_password.up.sql
  - querier.go
  - queries
    - users.sql
  - queries.sql.go
- notifications
  - events.go
  - notifications_test.go
  - testdata/rendered-templates
    - TemplateUserRequestedOneTimePasscode-body.md.golden
    - TemplateUserRequestedOneTimePasscode-title.md.golden
- userauth.go
- userauth_test.go
codersdk
- users.go
docs/reference/api
- authorization.md
- schemas.md
site/src/api
- typesGenerated.ts

25 files changed

+1007

-4

lines changed

`‎coderd/apidoc/docs.go`

Lines changed: 88 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 74 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/coderd.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -248,6 +248,9 @@ type Options struct {`
`248`	`248`
`249`	`249`	`// IDPSync holds all configured values for syncing external IDP users into Coder.`
`250`	`250`	`IDPSync idpsync.IDPSync`
	`251`	`+`
	`252`	`+// OneTimePasscodeValidityPeriod specifies how long a one time passcode should be valid for.`
	`253`	`+OneTimePasscodeValidityPeriod time.Duration`
`251`	`254`	`}`
`252`	`255`
`253`	`256`	`// @title Coder API`
`@@ -387,6 +390,9 @@ func New(options Options) API {`
`387`	`390`	`v:=schedule.NewAGPLUserQuietHoursScheduleStore()`
`388`	`391`	`options.UserQuietHoursScheduleStore.Store(&v)`
`389`	`392`	`}`
	`393`	`+ifoptions.OneTimePasscodeValidityPeriod==0 {`
	`394`	`+options.OneTimePasscodeValidityPeriod=20*time.Minute`
	`395`	`+}`
`390`	`396`
`391`	`397`	`ifoptions.StatsBatcher==nil {`
`392`	`398`	`panic("developer error: options.StatsBatcher is nil")`
`@@ -984,6 +990,8 @@ func New(options Options) API {`
`984`	`990`	`// This value is intentionally increased during tests.`
`985`	`991`	`r.Use(httpmw.RateLimit(options.LoginRateLimit,time.Minute))`
`986`	`992`	`r.Post("/login",api.postLogin)`
	`993`	`+r.Post("/otp/request",api.postRequestOneTimePasscode)`
	`994`	`+r.Post("/otp/change-password",api.postChangePasswordWithOneTimePasscode)`
`987`	`995`	`r.Route("/oauth2",func(r chi.Router) {`
`988`	`996`	`r.Route("/github",func(r chi.Router) {`
`989`	`997`	`r.Use(`

`‎coderd/coderdtest/coderdtest.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,9 @@ type Options struct {`
`128`	`128`	`LoginRateLimitint`
`129`	`129`	`FilesRateLimitint`
`130`	`130`
	`131`	`+// OneTimePasscodeValidityPeriod specifies how long a one time passcode should be valid for.`
	`132`	`+OneTimePasscodeValidityPeriod time.Duration`
	`133`	`+`
`131`	`134`	`// IncludeProvisionerDaemon when true means to start an in-memory provisionerD`
`132`	`135`	`IncludeProvisionerDaemonbool`
`133`	`136`	`ProvisionerDaemonTagsmap[string]string`
`@@ -311,6 +314,10 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can`
`311`	`314`	`options.NotificationsEnqueuer=&testutil.FakeNotificationsEnqueuer{}`
`312`	`315`	`}`
`313`	`316`
	`317`	`+ifoptions.OneTimePasscodeValidityPeriod==0 {`
	`318`	`+options.OneTimePasscodeValidityPeriod=testutil.WaitLong`
	`319`	`+}`
	`320`	`+`
`314`	`321`	`vartemplateScheduleStore atomic.Pointer[schedule.TemplateScheduleStore]`
`315`	`322`	`ifoptions.TemplateScheduleStore==nil {`
`316`	`323`	`options.TemplateScheduleStore=schedule.NewAGPLTemplateScheduleStore()`
`@@ -530,6 +537,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can`
`530`	`537`	`DatabaseRolluper:options.DatabaseRolluper,`
`531`	`538`	`WorkspaceUsageTracker:wuTracker,`
`532`	`539`	`NotificationsEnqueuer:options.NotificationsEnqueuer,`
	`540`	`+OneTimePasscodeValidityPeriod:options.OneTimePasscodeValidityPeriod,`
`533`	`541`	`}`
`534`	`542`	`}`
`535`	`543`

`‎coderd/coderdtest/swaggerparser.go`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -303,7 +303,9 @@ func assertSecurityDefined(t *testing.T, comment SwaggerComment) {`
`303`	`303`	`ifcomment.router=="/updatecheck"\|\|`
`304`	`304`	`comment.router=="/buildinfo"\|\|`
`305`	`305`	`comment.router=="/"\|\|`
`306`		`-comment.router=="/users/login" {`
	`306`	`+comment.router=="/users/login"\|\|`
	`307`	`+comment.router=="/users/otp/request"\|\|`
	`308`	`+comment.router=="/users/otp/change-password" {`
`307`	`309`	`return// endpoints do not require authorization`
`308`	`310`	`}`
`309`	`311`	`assert.Equal(t,"CoderSessionToken",comment.security,"@Security must be equal CoderSessionToken")`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3628,6 +3628,14 @@ func (q *querier) UpdateUserGithubComUserID(ctx context.Context, arg database.Up`
`3628`	`3628`	`returnq.db.UpdateUserGithubComUserID(ctx,arg)`
`3629`	`3629`	`}`
`3630`	`3630`
	`3631`	`+func (q*querier)UpdateUserHashedOneTimePasscode(ctx context.Context,arg database.UpdateUserHashedOneTimePasscodeParams)error {`
	`3632`	`+iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceSystem);err!=nil {`
	`3633`	`+returnerr`
	`3634`	`+}`
	`3635`	`+`
	`3636`	`+returnq.db.UpdateUserHashedOneTimePasscode(ctx,arg)`
	`3637`	`+}`
	`3638`	`+`
`3631`	`3639`	`func (q*querier)UpdateUserHashedPassword(ctx context.Context,arg database.UpdateUserHashedPasswordParams)error {`
`3632`	`3640`	`user,err:=q.db.GetUserByID(ctx,arg.ID)`
`3633`	`3641`	`iferr!=nil {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1187,6 +1187,12 @@ func (s *MethodTestSuite) TestUser() {`
`1187`	`1187`	`ID:u.ID,`
`1188`	`1188`	`}).Asserts(u,policy.ActionUpdatePersonal).Returns()`
`1189`	`1189`	`}))`
	`1190`	`+s.Run("UpdateUserHashedOneTimePasscode",s.Subtest(func(db database.Store,check*expects) {`
	`1191`	`+u:=dbgen.User(s.T(),db, database.User{})`
	`1192`	`+check.Args(database.UpdateUserHashedOneTimePasscodeParams{`
	`1193`	`+ID:u.ID,`
	`1194`	`+}).Asserts(rbac.ResourceSystem,policy.ActionUpdate).Returns()`
	`1195`	`+}))`
`1190`	`1196`	`s.Run("UpdateUserQuietHoursSchedule",s.Subtest(func(db database.Store,check*expects) {`
`1191`	`1197`	`u:=dbgen.User(s.T(),db, database.User{})`
`1192`	`1198`	`check.Args(database.UpdateUserQuietHoursScheduleParams{`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 22 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -9077,6 +9077,26 @@ func (q *FakeQuerier) UpdateUserGithubComUserID(_ context.Context, arg database.`
`9077`	`9077`	`returnsql.ErrNoRows`
`9078`	`9078`	`}`
`9079`	`9079`
	`9080`	`+func (q*FakeQuerier)UpdateUserHashedOneTimePasscode(_ context.Context,arg database.UpdateUserHashedOneTimePasscodeParams)error {`
	`9081`	`+err:=validateDatabaseType(arg)`
	`9082`	`+iferr!=nil {`
	`9083`	`+returnerr`
	`9084`	`+}`
	`9085`	`+`
	`9086`	`+q.mutex.Lock()`
	`9087`	`+deferq.mutex.Unlock()`
	`9088`	`+`
	`9089`	`+fori,user:=rangeq.users {`
	`9090`	`+ifuser.ID!=arg.ID {`
	`9091`	`+continue`
	`9092`	`+}`
	`9093`	`+user.HashedOneTimePasscode=arg.HashedOneTimePasscode`
	`9094`	`+user.OneTimePasscodeExpiresAt=arg.OneTimePasscodeExpiresAt`
	`9095`	`+q.users[i]=user`
	`9096`	`+}`
	`9097`	`+returnnil`
	`9098`	`+}`
	`9099`	`+`
`9080`	`9100`	`func (q*FakeQuerier)UpdateUserHashedPassword(_ context.Context,arg database.UpdateUserHashedPasswordParams)error {`
`9081`	`9101`	`iferr:=validateDatabaseType(arg);err!=nil {`
`9082`	`9102`	`returnerr`
`@@ -9090,6 +9110,8 @@ func (q *FakeQuerier) UpdateUserHashedPassword(_ context.Context, arg database.U`
`9090`	`9110`	`continue`
`9091`	`9111`	`}`
`9092`	`9112`	`user.HashedPassword=arg.HashedPassword`
	`9113`	`+user.HashedOneTimePasscode=nil`
	`9114`	`+user.OneTimePasscodeExpiresAt= sql.NullTime{}`
`9093`	`9115`	`q.users[i]=user`
`9094`	`9116`	`returnnil`
`9095`	`9117`	`}`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 7 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 14 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000261_notifications_forgot_password.down.sql`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+DELETEFROM notification_templatesWHERE id='62f86a30-2330-4b61-a26d-311ff3b608cf';`

`‎coderd/database/migrations/000261_notifications_forgot_password.up.sql`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,4 @@`
	`1`	`+INSERT INTO notification_templates (id, name, title_template, body_template,"group", actions)`
	`2`	`+VALUES ('62f86a30-2330-4b61-a26d-311ff3b608cf','One-Time Passcode', E'Your One-Time Passcode for Coder.',`
	`3`	`+ E'Hi {{.UserName}},\n\nA request to reset the password for your Coder account has been made. Your one-time passcode is:\n\n{{.Labels.one_time_passcode}}\n\nIf you did not request to reset your password, you can ignore this message.',`
	`4`	`+'User Events','[]'::jsonb);`

`‎coderd/database/querier.go`

Lines changed: 1 addition & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4369f2b

File tree

25 files changed

25 files changed

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/coderd.go`

`‎coderd/coderdtest/coderdtest.go`

`‎coderd/coderdtest/swaggerparser.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/migrations/000261_notifications_forgot_password.down.sql`

`‎coderd/database/migrations/000261_notifications_forgot_password.up.sql`

`‎coderd/database/querier.go`

0 commit comments