feat: add one time passcode columns to users table (#14797)
12
coderd/database/dump.sql
generated
12
coderd/database/dump.sql
generated
@ -663,7 +663,11 @@ CREATE TABLE users (
|
|||||||
quiet_hours_schedule text DEFAULT ''::text NOT NULL,
|
quiet_hours_schedule text DEFAULT ''::text NOT NULL,
|
||||||
theme_preference text DEFAULT ''::text NOT NULL,
|
theme_preference text DEFAULT ''::text NOT NULL,
|
||||||
name text DEFAULT ''::text NOT NULL,
|
name text DEFAULT ''::text NOT NULL,
|
||||||
github_com_user_id bigint
|
github_com_user_id bigint,
|
||||||
|
hashed_one_time_passcode bytea,
|
||||||
|
one_time_passcode_expires_at timestamp with time zone,
|
||||||
|
must_reset_password boolean DEFAULT false NOT NULL,
|
||||||
|
CONSTRAINT one_time_passcode_set CHECK ((((hashed_one_time_passcode IS NULL) AND (one_time_passcode_expires_at IS NULL)) OR ((hashed_one_time_passcode IS NOT NULL) AND (one_time_passcode_expires_at IS NOT NULL))))
|
||||||
);
|
);
|
||||||
|
|
||||||
COMMENT ON COLUMN users.quiet_hours_schedule IS 'Daily (!) cron schedule (with optional CRON_TZ) signifying the start of the user''s quiet hours. If empty, the default quiet hours on the instance is used instead.';
|
COMMENT ON COLUMN users.quiet_hours_schedule IS 'Daily (!) cron schedule (with optional CRON_TZ) signifying the start of the user''s quiet hours. If empty, the default quiet hours on the instance is used instead.';
|
||||||
@ -674,6 +678,12 @@ COMMENT ON COLUMN users.name IS 'Name of the Coder user';
|
|||||||
|
|
||||||
COMMENT ON COLUMN users.github_com_user_id IS 'The GitHub.com numerical user ID. At time of implementation, this is used to check if the user has starred the Coder repository.';
|
COMMENT ON COLUMN users.github_com_user_id IS 'The GitHub.com numerical user ID. At time of implementation, this is used to check if the user has starred the Coder repository.';
|
||||||
|
|
||||||
|
COMMENT ON COLUMN users.hashed_one_time_passcode IS 'A hash of the one-time-passcode given to the user.';
|
||||||
|
|
||||||
|
COMMENT ON COLUMN users.one_time_passcode_expires_at IS 'The time when the one-time-passcode expires.';
|
||||||
|
|
||||||
|
COMMENT ON COLUMN users.must_reset_password IS 'Determines if the user should be forced to change their password.';
|
||||||
|
|
||||||
CREATE VIEW group_members_expanded AS
|
CREATE VIEW group_members_expanded AS
|
||||||
WITH all_members AS (
|
WITH all_members AS (
|
||||||
SELECT group_members.user_id,
|
SELECT group_members.user_id,
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
ALTER TABLE users DROP CONSTRAINT one_time_passcode_set;
|
||||||
|
|
||||||
|
ALTER TABLE users DROP COLUMN hashed_one_time_passcode;
|
||||||
|
ALTER TABLE users DROP COLUMN one_time_passcode_expires_at;
|
||||||
|
ALTER TABLE users DROP COLUMN must_reset_password;
|
@ -0,0 +1,13 @@
|
|||||||
|
ALTER TABLE users ADD COLUMN hashed_one_time_passcode bytea;
|
||||||
|
COMMENT ON COLUMN users.hashed_one_time_passcode IS 'A hash of the one-time-passcode given to the user.';
|
||||||
|
|
||||||
|
ALTER TABLE users ADD COLUMN one_time_passcode_expires_at timestamp with time zone;
|
||||||
|
COMMENT ON COLUMN users.one_time_passcode_expires_at IS 'The time when the one-time-passcode expires.';
|
||||||
|
|
||||||
|
ALTER TABLE users ADD CONSTRAINT one_time_passcode_set CHECK (
|
||||||
|
(hashed_one_time_passcode IS NULL AND one_time_passcode_expires_at IS NULL)
|
||||||
|
OR (hashed_one_time_passcode IS NOT NULL AND one_time_passcode_expires_at IS NOT NULL)
|
||||||
|
);
|
||||||
|
|
||||||
|
ALTER TABLE users ADD COLUMN must_reset_password bool NOT NULL DEFAULT false;
|
||||||
|
COMMENT ON COLUMN users.must_reset_password IS 'Determines if the user should be forced to change their password.';
|
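Review bot: The two column comments in this migration do not say that the hash and its expiry are only valid as a pair, although the `one_time_passcode_set` CHECK added between them enforces exactly that. I would fold it into the comment, for example `COMMENT ON COLUMN users.one_time_passcode_expires_at IS 'The time when the one-time-passcode expires. Set and cleared together with hashed_one_time_passcode.';`. The schema stores the expiry without enforcing it, so rejecting an expired passcode and clearing both columns after use are left to application code that this commit does not show; that is worth confirming in the change that consumes these columns. The comment on `hashed_one_time_passcode` also does not name the hashing scheme, which a reader would want in order to judge whether it suits a short code.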
@ -364,6 +364,9 @@ func (q *sqlQuerier) GetAuthorizedUsers(ctx context.Context, arg GetUsersParams,
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
&i.Count,
|
&i.Count,
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
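Review bot: The three added Scan targets load the passcode hash and its expiry into every row of this user listing, and nothing here marks them as values that must stay server-side. The row and `User` structs in the later hunks give the field a `json:"hashed_one_time_passcode"` tag, so any path that marshals a database row directly would emit the hash; I would add a comment above the new lines such as `// Passcode hash and expiry are scanned to stay aligned with the query columns; never copy them into API responses.` Scan is positional, and the order here does match the `getUsers` SELECT shown further down (the three new columns before `count`), assuming that is the query this function runs. The function starts and ends outside the hunk.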
@ -2869,6 +2869,12 @@ type User struct {
|
|||||||
Name string `db:"name" json:"name"`
|
Name string `db:"name" json:"name"`
|
||||||
// The GitHub.com numerical user ID. At time of implementation, this is used to check if the user has starred the Coder repository.
|
// The GitHub.com numerical user ID. At time of implementation, this is used to check if the user has starred the Coder repository.
|
||||||
GithubComUserID sql.NullInt64 `db:"github_com_user_id" json:"github_com_user_id"`
|
GithubComUserID sql.NullInt64 `db:"github_com_user_id" json:"github_com_user_id"`
|
||||||
|
// A hash of the one-time-passcode given to the user.
|
||||||
|
HashedOneTimePasscode []byte `db:"hashed_one_time_passcode" json:"hashed_one_time_passcode"`
|
||||||
|
// The time when the one-time-passcode expires.
|
||||||
|
OneTimePasscodeExpiresAt sql.NullTime `db:"one_time_passcode_expires_at" json:"one_time_passcode_expires_at"`
|
||||||
|
// Determines if the user should be forced to change their password.
|
||||||
|
MustResetPassword bool `db:"must_reset_password" json:"must_reset_password"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserLink struct {
|
type UserLink struct {
|
||||||
|
@ -9993,7 +9993,7 @@ func (q *sqlQuerier) GetAuthorizationUserRoles(ctx context.Context, userID uuid.
|
|||||||
|
|
||||||
const getUserByEmailOrUsername = `-- name: GetUserByEmailOrUsername :one
|
const getUserByEmailOrUsername = `-- name: GetUserByEmailOrUsername :one
|
||||||
SELECT
|
SELECT
|
||||||
id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
FROM
|
FROM
|
||||||
users
|
users
|
||||||
WHERE
|
WHERE
|
||||||
@ -10028,13 +10028,16 @@ func (q *sqlQuerier) GetUserByEmailOrUsername(ctx context.Context, arg GetUserBy
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
|
|
||||||
const getUserByID = `-- name: GetUserByID :one
|
const getUserByID = `-- name: GetUserByID :one
|
||||||
SELECT
|
SELECT
|
||||||
id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
FROM
|
FROM
|
||||||
users
|
users
|
||||||
WHERE
|
WHERE
|
||||||
@ -10063,6 +10066,9 @@ func (q *sqlQuerier) GetUserByID(ctx context.Context, id uuid.UUID) (User, error
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10085,7 +10091,7 @@ func (q *sqlQuerier) GetUserCount(ctx context.Context) (int64, error) {
|
|||||||
|
|
||||||
const getUsers = `-- name: GetUsers :many
|
const getUsers = `-- name: GetUsers :many
|
||||||
SELECT
|
SELECT
|
||||||
id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, COUNT(*) OVER() AS count
|
id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password, COUNT(*) OVER() AS count
|
||||||
FROM
|
FROM
|
||||||
users
|
users
|
||||||
WHERE
|
WHERE
|
||||||
@ -10169,23 +10175,26 @@ type GetUsersParams struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type GetUsersRow struct {
|
type GetUsersRow struct {
|
||||||
ID uuid.UUID `db:"id" json:"id"`
|
ID uuid.UUID `db:"id" json:"id"`
|
||||||
Email string `db:"email" json:"email"`
|
Email string `db:"email" json:"email"`
|
||||||
Username string `db:"username" json:"username"`
|
Username string `db:"username" json:"username"`
|
||||||
HashedPassword []byte `db:"hashed_password" json:"hashed_password"`
|
HashedPassword []byte `db:"hashed_password" json:"hashed_password"`
|
||||||
CreatedAt time.Time `db:"created_at" json:"created_at"`
|
CreatedAt time.Time `db:"created_at" json:"created_at"`
|
||||||
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
|
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
|
||||||
Status UserStatus `db:"status" json:"status"`
|
Status UserStatus `db:"status" json:"status"`
|
||||||
RBACRoles pq.StringArray `db:"rbac_roles" json:"rbac_roles"`
|
RBACRoles pq.StringArray `db:"rbac_roles" json:"rbac_roles"`
|
||||||
LoginType LoginType `db:"login_type" json:"login_type"`
|
LoginType LoginType `db:"login_type" json:"login_type"`
|
||||||
AvatarURL string `db:"avatar_url" json:"avatar_url"`
|
AvatarURL string `db:"avatar_url" json:"avatar_url"`
|
||||||
Deleted bool `db:"deleted" json:"deleted"`
|
Deleted bool `db:"deleted" json:"deleted"`
|
||||||
LastSeenAt time.Time `db:"last_seen_at" json:"last_seen_at"`
|
LastSeenAt time.Time `db:"last_seen_at" json:"last_seen_at"`
|
||||||
QuietHoursSchedule string `db:"quiet_hours_schedule" json:"quiet_hours_schedule"`
|
QuietHoursSchedule string `db:"quiet_hours_schedule" json:"quiet_hours_schedule"`
|
||||||
ThemePreference string `db:"theme_preference" json:"theme_preference"`
|
ThemePreference string `db:"theme_preference" json:"theme_preference"`
|
||||||
Name string `db:"name" json:"name"`
|
Name string `db:"name" json:"name"`
|
||||||
GithubComUserID sql.NullInt64 `db:"github_com_user_id" json:"github_com_user_id"`
|
GithubComUserID sql.NullInt64 `db:"github_com_user_id" json:"github_com_user_id"`
|
||||||
Count int64 `db:"count" json:"count"`
|
HashedOneTimePasscode []byte `db:"hashed_one_time_passcode" json:"hashed_one_time_passcode"`
|
||||||
|
OneTimePasscodeExpiresAt sql.NullTime `db:"one_time_passcode_expires_at" json:"one_time_passcode_expires_at"`
|
||||||
|
MustResetPassword bool `db:"must_reset_password" json:"must_reset_password"`
|
||||||
|
Count int64 `db:"count" json:"count"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// This will never return deleted users.
|
// This will never return deleted users.
|
||||||
@ -10224,6 +10233,9 @@ func (q *sqlQuerier) GetUsers(ctx context.Context, arg GetUsersParams) ([]GetUse
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
&i.Count,
|
&i.Count,
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -10240,7 +10252,7 @@ func (q *sqlQuerier) GetUsers(ctx context.Context, arg GetUsersParams) ([]GetUse
|
|||||||
}
|
}
|
||||||
|
|
||||||
const getUsersByIDs = `-- name: GetUsersByIDs :many
|
const getUsersByIDs = `-- name: GetUsersByIDs :many
|
||||||
SELECT id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id FROM users WHERE id = ANY($1 :: uuid [ ])
|
SELECT id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password FROM users WHERE id = ANY($1 :: uuid [ ])
|
||||||
`
|
`
|
||||||
|
|
||||||
// This shouldn't check for deleted, because it's frequently used
|
// This shouldn't check for deleted, because it's frequently used
|
||||||
@ -10272,6 +10284,9 @@ func (q *sqlQuerier) GetUsersByIDs(ctx context.Context, ids []uuid.UUID) ([]User
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -10300,7 +10315,7 @@ INSERT INTO
|
|||||||
login_type
|
login_type
|
||||||
)
|
)
|
||||||
VALUES
|
VALUES
|
||||||
($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type InsertUserParams struct {
|
type InsertUserParams struct {
|
||||||
@ -10345,6 +10360,9 @@ func (q *sqlQuerier) InsertUser(ctx context.Context, arg InsertUserParams) (User
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10403,7 +10421,7 @@ SET
|
|||||||
updated_at = $3
|
updated_at = $3
|
||||||
WHERE
|
WHERE
|
||||||
id = $1
|
id = $1
|
||||||
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserAppearanceSettingsParams struct {
|
type UpdateUserAppearanceSettingsParams struct {
|
||||||
@ -10432,6 +10450,9 @@ func (q *sqlQuerier) UpdateUserAppearanceSettings(ctx context.Context, arg Updat
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10495,7 +10516,7 @@ SET
|
|||||||
last_seen_at = $2,
|
last_seen_at = $2,
|
||||||
updated_at = $3
|
updated_at = $3
|
||||||
WHERE
|
WHERE
|
||||||
id = $1 RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
id = $1 RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserLastSeenAtParams struct {
|
type UpdateUserLastSeenAtParams struct {
|
||||||
@ -10524,6 +10545,9 @@ func (q *sqlQuerier) UpdateUserLastSeenAt(ctx context.Context, arg UpdateUserLas
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10541,7 +10565,7 @@ SET
|
|||||||
'':: bytea
|
'':: bytea
|
||||||
END
|
END
|
||||||
WHERE
|
WHERE
|
||||||
id = $2 RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
id = $2 RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserLoginTypeParams struct {
|
type UpdateUserLoginTypeParams struct {
|
||||||
@ -10569,6 +10593,9 @@ func (q *sqlQuerier) UpdateUserLoginType(ctx context.Context, arg UpdateUserLogi
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10584,7 +10611,7 @@ SET
|
|||||||
name = $6
|
name = $6
|
||||||
WHERE
|
WHERE
|
||||||
id = $1
|
id = $1
|
||||||
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserProfileParams struct {
|
type UpdateUserProfileParams struct {
|
||||||
@ -10623,6 +10650,9 @@ func (q *sqlQuerier) UpdateUserProfile(ctx context.Context, arg UpdateUserProfil
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10634,7 +10664,7 @@ SET
|
|||||||
quiet_hours_schedule = $2
|
quiet_hours_schedule = $2
|
||||||
WHERE
|
WHERE
|
||||||
id = $1
|
id = $1
|
||||||
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserQuietHoursScheduleParams struct {
|
type UpdateUserQuietHoursScheduleParams struct {
|
||||||
@ -10662,6 +10692,9 @@ func (q *sqlQuerier) UpdateUserQuietHoursSchedule(ctx context.Context, arg Updat
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10674,7 +10707,7 @@ SET
|
|||||||
rbac_roles = ARRAY(SELECT DISTINCT UNNEST($1 :: text[]))
|
rbac_roles = ARRAY(SELECT DISTINCT UNNEST($1 :: text[]))
|
||||||
WHERE
|
WHERE
|
||||||
id = $2
|
id = $2
|
||||||
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserRolesParams struct {
|
type UpdateUserRolesParams struct {
|
||||||
@ -10702,6 +10735,9 @@ func (q *sqlQuerier) UpdateUserRoles(ctx context.Context, arg UpdateUserRolesPar
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
@ -10713,7 +10749,7 @@ SET
|
|||||||
status = $2,
|
status = $2,
|
||||||
updated_at = $3
|
updated_at = $3
|
||||||
WHERE
|
WHERE
|
||||||
id = $1 RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id
|
id = $1 RETURNING id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, login_type, avatar_url, deleted, last_seen_at, quiet_hours_schedule, theme_preference, name, github_com_user_id, hashed_one_time_passcode, one_time_passcode_expires_at, must_reset_password
|
||||||
`
|
`
|
||||||
|
|
||||||
type UpdateUserStatusParams struct {
|
type UpdateUserStatusParams struct {
|
||||||
@ -10742,6 +10778,9 @@ func (q *sqlQuerier) UpdateUserStatus(ctx context.Context, arg UpdateUserStatusP
|
|||||||
&i.ThemePreference,
|
&i.ThemePreference,
|
||||||
&i.Name,
|
&i.Name,
|
||||||
&i.GithubComUserID,
|
&i.GithubComUserID,
|
||||||
|
&i.HashedOneTimePasscode,
|
||||||
|
&i.OneTimePasscodeExpiresAt,
|
||||||
|
&i.MustResetPassword,
|
||||||
)
|
)
|
||||||
return i, err
|
return i, err
|
||||||
}
|
}
|
||||||
|
@ -25,7 +25,7 @@ We track the following resources:
|
|||||||
| Organization<br><i></i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>created_at</td><td>false</td></tr><tr><td>description</td><td>true</td></tr><tr><td>display_name</td><td>true</td></tr><tr><td>icon</td><td>true</td></tr><tr><td>id</td><td>false</td></tr><tr><td>is_default</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>updated_at</td><td>true</td></tr></tbody></table> |
|
| Organization<br><i></i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>created_at</td><td>false</td></tr><tr><td>description</td><td>true</td></tr><tr><td>display_name</td><td>true</td></tr><tr><td>icon</td><td>true</td></tr><tr><td>id</td><td>false</td></tr><tr><td>is_default</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>updated_at</td><td>true</td></tr></tbody></table> |
|
||||||
| Template<br><i>write, delete</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>active_version_id</td><td>true</td></tr><tr><td>activity_bump</td><td>true</td></tr><tr><td>allow_user_autostart</td><td>true</td></tr><tr><td>allow_user_autostop</td><td>true</td></tr><tr><td>allow_user_cancel_workspace_jobs</td><td>true</td></tr><tr><td>autostart_block_days_of_week</td><td>true</td></tr><tr><td>autostop_requirement_days_of_week</td><td>true</td></tr><tr><td>autostop_requirement_weeks</td><td>true</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>created_by</td><td>true</td></tr><tr><td>created_by_avatar_url</td><td>false</td></tr><tr><td>created_by_username</td><td>false</td></tr><tr><td>default_ttl</td><td>true</td></tr><tr><td>deleted</td><td>false</td></tr><tr><td>deprecated</td><td>true</td></tr><tr><td>description</td><td>true</td></tr><tr><td>display_name</td><td>true</td></tr><tr><td>failure_ttl</td><td>true</td></tr><tr><td>group_acl</td><td>true</td></tr><tr><td>icon</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>max_port_sharing_level</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>organization_display_name</td><td>false</td></tr><tr><td>organization_icon</td><td>false</td></tr><tr><td>organization_id</td><td>false</td></tr><tr><td>organization_name</td><td>false</td></tr><tr><td>provisioner</td><td>true</td></tr><tr><td>require_active_version</td><td>true</td></tr><tr><td>time_til_dormant</td><td>true</td></tr><tr><td>time_til_dormant_autodelete</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>user_acl</td><td>true</td></tr></tbody></table> |
|
| Template<br><i>write, delete</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>active_version_id</td><td>true</td></tr><tr><td>activity_bump</td><td>true</td></tr><tr><td>allow_user_autostart</td><td>true</td></tr><tr><td>allow_user_autostop</td><td>true</td></tr><tr><td>allow_user_cancel_workspace_jobs</td><td>true</td></tr><tr><td>autostart_block_days_of_week</td><td>true</td></tr><tr><td>autostop_requirement_days_of_week</td><td>true</td></tr><tr><td>autostop_requirement_weeks</td><td>true</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>created_by</td><td>true</td></tr><tr><td>created_by_avatar_url</td><td>false</td></tr><tr><td>created_by_username</td><td>false</td></tr><tr><td>default_ttl</td><td>true</td></tr><tr><td>deleted</td><td>false</td></tr><tr><td>deprecated</td><td>true</td></tr><tr><td>description</td><td>true</td></tr><tr><td>display_name</td><td>true</td></tr><tr><td>failure_ttl</td><td>true</td></tr><tr><td>group_acl</td><td>true</td></tr><tr><td>icon</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>max_port_sharing_level</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>organization_display_name</td><td>false</td></tr><tr><td>organization_icon</td><td>false</td></tr><tr><td>organization_id</td><td>false</td></tr><tr><td>organization_name</td><td>false</td></tr><tr><td>provisioner</td><td>true</td></tr><tr><td>require_active_version</td><td>true</td></tr><tr><td>time_til_dormant</td><td>true</td></tr><tr><td>time_til_dormant_autodelete</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>user_acl</td><td>true</td></tr></tbody></table> |
|
||||||
| TemplateVersion<br><i>create, write</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>archived</td><td>true</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>created_by</td><td>true</td></tr><tr><td>created_by_avatar_url</td><td>false</td></tr><tr><td>created_by_username</td><td>false</td></tr><tr><td>external_auth_providers</td><td>false</td></tr><tr><td>id</td><td>true</td></tr><tr><td>job_id</td><td>false</td></tr><tr><td>message</td><td>false</td></tr><tr><td>name</td><td>true</td></tr><tr><td>organization_id</td><td>false</td></tr><tr><td>readme</td><td>true</td></tr><tr><td>template_id</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr></tbody></table> |
|
| TemplateVersion<br><i>create, write</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>archived</td><td>true</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>created_by</td><td>true</td></tr><tr><td>created_by_avatar_url</td><td>false</td></tr><tr><td>created_by_username</td><td>false</td></tr><tr><td>external_auth_providers</td><td>false</td></tr><tr><td>id</td><td>true</td></tr><tr><td>job_id</td><td>false</td></tr><tr><td>message</td><td>false</td></tr><tr><td>name</td><td>true</td></tr><tr><td>organization_id</td><td>false</td></tr><tr><td>readme</td><td>true</td></tr><tr><td>template_id</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr></tbody></table> |
|
||||||
| User<br><i>create, write, delete</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>avatar_url</td><td>false</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>deleted</td><td>true</td></tr><tr><td>email</td><td>true</td></tr><tr><td>github_com_user_id</td><td>false</td></tr><tr><td>hashed_password</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>last_seen_at</td><td>false</td></tr><tr><td>login_type</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>quiet_hours_schedule</td><td>true</td></tr><tr><td>rbac_roles</td><td>true</td></tr><tr><td>status</td><td>true</td></tr><tr><td>theme_preference</td><td>false</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>username</td><td>true</td></tr></tbody></table> |
|
| User<br><i>create, write, delete</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>avatar_url</td><td>false</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>deleted</td><td>true</td></tr><tr><td>email</td><td>true</td></tr><tr><td>github_com_user_id</td><td>false</td></tr><tr><td>hashed_one_time_passcode</td><td>true</td></tr><tr><td>hashed_password</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>last_seen_at</td><td>false</td></tr><tr><td>login_type</td><td>true</td></tr><tr><td>must_reset_password</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>one_time_passcode_expires_at</td><td>true</td></tr><tr><td>quiet_hours_schedule</td><td>true</td></tr><tr><td>rbac_roles</td><td>true</td></tr><tr><td>status</td><td>true</td></tr><tr><td>theme_preference</td><td>false</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>username</td><td>true</td></tr></tbody></table> |
|
||||||
| Workspace<br><i>create, write, delete</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>automatic_updates</td><td>true</td></tr><tr><td>autostart_schedule</td><td>true</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>deleted</td><td>false</td></tr><tr><td>deleting_at</td><td>true</td></tr><tr><td>dormant_at</td><td>true</td></tr><tr><td>favorite</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>last_used_at</td><td>false</td></tr><tr><td>name</td><td>true</td></tr><tr><td>organization_id</td><td>false</td></tr><tr><td>owner_id</td><td>true</td></tr><tr><td>template_id</td><td>true</td></tr><tr><td>ttl</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr></tbody></table> |
|
| Workspace<br><i>create, write, delete</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>automatic_updates</td><td>true</td></tr><tr><td>autostart_schedule</td><td>true</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>deleted</td><td>false</td></tr><tr><td>deleting_at</td><td>true</td></tr><tr><td>dormant_at</td><td>true</td></tr><tr><td>favorite</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>last_used_at</td><td>false</td></tr><tr><td>name</td><td>true</td></tr><tr><td>organization_id</td><td>false</td></tr><tr><td>owner_id</td><td>true</td></tr><tr><td>template_id</td><td>true</td></tr><tr><td>ttl</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr></tbody></table> |
|
||||||
| WorkspaceBuild<br><i>start, stop</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>build_number</td><td>false</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>daily_cost</td><td>false</td></tr><tr><td>deadline</td><td>false</td></tr><tr><td>id</td><td>false</td></tr><tr><td>initiator_by_avatar_url</td><td>false</td></tr><tr><td>initiator_by_username</td><td>false</td></tr><tr><td>initiator_id</td><td>false</td></tr><tr><td>job_id</td><td>false</td></tr><tr><td>max_deadline</td><td>false</td></tr><tr><td>provisioner_state</td><td>false</td></tr><tr><td>reason</td><td>false</td></tr><tr><td>template_version_id</td><td>true</td></tr><tr><td>transition</td><td>false</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>workspace_id</td><td>false</td></tr></tbody></table> |
|
| WorkspaceBuild<br><i>start, stop</i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>build_number</td><td>false</td></tr><tr><td>created_at</td><td>false</td></tr><tr><td>daily_cost</td><td>false</td></tr><tr><td>deadline</td><td>false</td></tr><tr><td>id</td><td>false</td></tr><tr><td>initiator_by_avatar_url</td><td>false</td></tr><tr><td>initiator_by_username</td><td>false</td></tr><tr><td>initiator_id</td><td>false</td></tr><tr><td>job_id</td><td>false</td></tr><tr><td>max_deadline</td><td>false</td></tr><tr><td>provisioner_state</td><td>false</td></tr><tr><td>reason</td><td>false</td></tr><tr><td>template_version_id</td><td>true</td></tr><tr><td>transition</td><td>false</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>workspace_id</td><td>false</td></tr></tbody></table> |
|
||||||
| WorkspaceProxy<br><i></i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>created_at</td><td>true</td></tr><tr><td>deleted</td><td>false</td></tr><tr><td>derp_enabled</td><td>true</td></tr><tr><td>derp_only</td><td>true</td></tr><tr><td>display_name</td><td>true</td></tr><tr><td>icon</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>region_id</td><td>true</td></tr><tr><td>token_hashed_secret</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>url</td><td>true</td></tr><tr><td>version</td><td>true</td></tr><tr><td>wildcard_hostname</td><td>true</td></tr></tbody></table> |
|
| WorkspaceProxy<br><i></i> | <table><thead><tr><th>Field</th><th>Tracked</th></tr></thead><tbody><tr><td>created_at</td><td>true</td></tr><tr><td>deleted</td><td>false</td></tr><tr><td>derp_enabled</td><td>true</td></tr><tr><td>derp_only</td><td>true</td></tr><tr><td>display_name</td><td>true</td></tr><tr><td>icon</td><td>true</td></tr><tr><td>id</td><td>true</td></tr><tr><td>name</td><td>true</td></tr><tr><td>region_id</td><td>true</td></tr><tr><td>token_hashed_secret</td><td>true</td></tr><tr><td>updated_at</td><td>false</td></tr><tr><td>url</td><td>true</td></tr><tr><td>version</td><td>true</td></tr><tr><td>wildcard_hostname</td><td>true</td></tr></tbody></table> |
|
||||||
|
@ -129,22 +129,25 @@ var auditableResourcesTypes = map[any]map[string]Action{
|
|||||||
"archived": ActionTrack,
|
"archived": ActionTrack,
|
||||||
},
|
},
|
||||||
&database.User{}: {
|
&database.User{}: {
|
||||||
"id": ActionTrack,
|
"id": ActionTrack,
|
||||||
"email": ActionTrack,
|
"email": ActionTrack,
|
||||||
"username": ActionTrack,
|
"username": ActionTrack,
|
||||||
"hashed_password": ActionSecret, // Do not expose a users hashed password.
|
"hashed_password": ActionSecret, // Do not expose a users hashed password.
|
||||||
"created_at": ActionIgnore, // Never changes.
|
"created_at": ActionIgnore, // Never changes.
|
||||||
"updated_at": ActionIgnore, // Changes, but is implicit and not helpful in a diff.
|
"updated_at": ActionIgnore, // Changes, but is implicit and not helpful in a diff.
|
||||||
"status": ActionTrack,
|
"status": ActionTrack,
|
||||||
"rbac_roles": ActionTrack,
|
"rbac_roles": ActionTrack,
|
||||||
"login_type": ActionTrack,
|
"login_type": ActionTrack,
|
||||||
"avatar_url": ActionIgnore,
|
"avatar_url": ActionIgnore,
|
||||||
"last_seen_at": ActionIgnore,
|
"last_seen_at": ActionIgnore,
|
||||||
"deleted": ActionTrack,
|
"deleted": ActionTrack,
|
||||||
"quiet_hours_schedule": ActionTrack,
|
"quiet_hours_schedule": ActionTrack,
|
||||||
"theme_preference": ActionIgnore,
|
"theme_preference": ActionIgnore,
|
||||||
"name": ActionTrack,
|
"name": ActionTrack,
|
||||||
"github_com_user_id": ActionIgnore,
|
"github_com_user_id": ActionIgnore,
|
||||||
|
"hashed_one_time_passcode": ActionSecret, // Do not expose a user's one time passcode.
|
||||||
|
"one_time_passcode_expires_at": ActionTrack,
|
||||||
|
"must_reset_password": ActionTrack,
|
||||||
},
|
},
|
||||||
&database.Workspace{}: {
|
&database.Workspace{}: {
|
||||||
"id": ActionTrack,
|
"id": ActionTrack,
|
||||||
|
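Review bot: The comment on the `hashed_one_time_passcode` entry says the passcode itself is being protected, but the column holds a hash, and the two `ActionTrack` entries below it carry no comment on why their values belong in the audit diff. Suggested wording: `"hashed_one_time_passcode": ActionSecret, // Do not expose the hash of a user's one-time passcode.` If tracking `one_time_passcode_expires_at` is meant to make each passcode issue visible to auditors, a short comment saying so would keep a later cleanup from switching it to `ActionIgnore`. The map literal starts and ends outside the hunk.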