NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

feat: Add update user password endpoint#1310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

BrunoQuaresma merged 17 commits intomainfrombq/update-user-password

May 6, 2022

Merged

feat: Add update user password endpoint#1310

BrunoQuaresma merged 17 commits intomainfrombq/update-user-password

May 6, 2022

Conversation

Copy link

Collaborator

BrunoQuaresma commentedMay 5, 2022

Closes#1309

BrunoQuaresma added5 commits

May 4, 2022 19:47

Add UpdateUserHashedPassword query

346e5e4

chore: Merge branch 'main' of github.com:coder/coder into bq/update-u…

4bd7557

…ser-password

Add database functions

de39cf5

Add update user password endpoint

2fe1716

Add tests and fixes

212020a

BrunoQuaresma requested a review froma team

May 5, 2022 14:03

BrunoQuaresma self-assigned this

May 5, 2022

f0ssel requested changes

May 5, 2022

View reviewed changes

coderd/users.go OutdatedShow resolvedHide resolved

Copy link

CollaboratorAuthor

BrunoQuaresma commentedMay 5, 2022

I realized/remember the UI should be able to update the password for other users as well so I think we should skip the password verification when the user is admin and if it is trying to change another user's password. Or, to make it simple for BETA, I can just remove this verification or comment the block. Thoughts?

Copy link

codecovbot commentedMay 5, 2022•
edited
Loading

Codecov Report

Merging#1310 (671c56d) intomain (0ccf010) willincrease coverage by0.07%.
The diff coverage is60.86%.

@@            Coverage Diff             @@##             main    #1310      +/-   ##==========================================+ Coverage   66.10%   66.18%   +0.07%==========================================  Files         281      281                Lines       18424    18479      +55       Branches      220      220              ==========================================+ Hits        12180    12230      +50- Misses       4982     4984       +2- Partials     1262     1265       +3

Flag	Coverage Δ
unittest-go-macos-latest	`53.61% <54.34%> (+0.05%)`	⬆️
unittest-go-postgres-	`64.97% <60.86%> (+0.09%)`	⬆️
unittest-go-ubuntu-latest	`56.08% <54.34%> (+0.20%)`	⬆️
unittest-go-windows-2022	`52.04% <54.34%> (+0.16%)`	⬆️
unittest-js	`71.61% <ø> (ø)`

Impacted Files	Coverage Δ
coderd/httpmw/userparam.go	`83.67% <ø> (-2.05%)`	⬇️
coderd/rbac/object.go	`100.00% <ø> (ø)`
coderd/users.go	`61.36% <42.30%> (+0.15%)`	⬆️
codersdk/users.go	`65.17% <70.00%> (+0.22%)`	⬆️
coderd/coderd.go	`94.53% <100.00%> (+0.08%)`	⬆️
coderd/coderdtest/coderdtest.go	`98.86% <100.00%> (-0.02%)`	⬇️
coderd/database/queries.sql.go	`78.14% <100.00%> (+0.03%)`	⬆️
codersdk/provisionerdaemons.go	`61.97% <0.00%> (-5.64%)`	⬇️
cli/cliui/agent.go	`77.46% <0.00%> (-5.00%)`	⬇️
provisionerd/provisionerd.go	`76.17% <0.00%> (-0.94%)`	⬇️
... and9 more

Continue to review full report at Codecov.

Legend -Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing data
Powered byCodecov. Last update0ccf010...671c56d. Read thecomment docs.

Remove confirmation and fix lint issues

2699445

BrunoQuaresma requested a review fromf0ssel

May 5, 2022 14:27

Return hash error as server error

355f163

f0ssel reviewed

May 5, 2022

View reviewed changes

Copy link

Contributor

f0ssel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Do we not have an RBAC gate for admins yet? Kinda worried about shipping this and allow any user to reset any other user's password.

coadler reviewed

May 5, 2022

View reviewed changes

codersdk/users.go OutdatedShow resolvedHide resolved

mafredri reviewed

May 5, 2022

View reviewed changes

Copy link

Member

mafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Just a few nits, other than that I think the PR looks good. 👍🏻

codersdk/users.go OutdatedShow resolvedHide resolved

coderd/database/databasefake/databasefake.go OutdatedShow resolvedHide resolved

coderd/database/queries/users.sql OutdatedShow resolvedHide resolved

coderd/users.goShow resolvedHide resolved

coderd/users.go OutdatedShow resolvedHide resolved

BrunoQuaresmaand others added5 commits

May 5, 2022 12:07

Update coderd/database/databasefake/databasefake.go

56b29fd

Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>

Improve readbility

30b8f15

Add RBAC

f6be255

Fix route

5df5763

Merge branch 'bq/update-user-password' of github.com:coder/coder into…

b9dbd64

… bq/update-user-password

Copy link

CollaboratorAuthor

BrunoQuaresma commentedMay 5, 2022

@f0ssel RBAC added!

BrunoQuaresma requested review fromf0ssel andmafredri

May 5, 2022 17:16

Add missing TS types

69af903

BrunoQuaresma requested a review froma team as acode owner

May 5, 2022 17:17

presleyp approved these changes

May 5, 2022

View reviewed changes

Copy link

Contributor

presleyp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

The frontend bit looks good to me!

Update update password request params

d85092b

f0ssel approved these changes

May 5, 2022

View reviewed changes

Copy link

Contributor

f0ssel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Small suggestions but it looks good 👍

coderd/users.go OutdatedShow resolvedHide resolved

coderd/users_test.go

		@@ -287,6 +287,41 @@ func TestUpdateUserProfile(t *testing.T) {
		})
		}

		func TestUpdateUserPassword(t *testing.T) {

Copy link

Contributor

f0sselMay 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Let's also add some tests to make sure the rbac is working here, I'd like to ensure that the user itself cannot perform this action, and neither can other non-admin users.

Copy link

CollaboratorAuthor

BrunoQuaresmaMay 5, 2022•
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

So from what I'm understanding we want to test:

A non-admin user can't update any password
An admin can update another user's password

Is that?

Copy link

CollaboratorAuthor

BrunoQuaresmaMay 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Updated!

Remove confirm password from the API

96ce751

BrunoQuaresmaand others added2 commits

May 5, 2022 14:57

Update coderd/users.go

4f9f506

Co-authored-by: Garrett Delfosse <garrett@coder.com>

Remove user restriction and refactor tests

671c56d

BrunoQuaresma commented

May 6, 2022

View reviewed changes

coderd/httpmw/userparam.go

		@@ -76,14 +76,6 @@ func ExtractUserParam(db database.Store) func(http.Handler) http.Handler {
		}
		}

		apiKey := APIKey(r)
		if apiKey.UserID != user.ID {

Copy link

CollaboratorAuthor

BrunoQuaresmaMay 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I removed this because it was "overriding" RBAC roles. I know we don’t have the RBAC in place for all the user routes, but I can try to do that next. Probably I can send a PR on Monday. Thoughts? cc.:@f0ssel