mirror of
https://github.com/coder/coder.git
synced 2025-07-06 15:41:45 +00:00
8fc8559076
Fixes an issue where API tokens belonging to a deleted user were not invalidated: - Adds a trigger to delete rows from the api_key stable when the column deleted is set to true in the users table. - Adds a trigger to the api_keys table to ensure that new rows may not be added where user_id corresponds to a deleted user. - Adds a migration to delete all API keys from deleted users. - Adds tests + dbfake implementation for the above.
10 lines
245 B
PL/PgSQL
10 lines
245 B
PL/PgSQL
BEGIN;
|
|
|
|
DROP TRIGGER IF EXISTS trigger_update_users ON users;
|
|
DROP FUNCTION IF EXISTS delete_deleted_user_api_keys;
|
|
|
|
DROP TRIGGER IF EXISTS trigger_insert_apikeys ON api_keys;
|
|
DROP FUNCTION IF EXISTS insert_apikey_fail_if_user_deleted;
|
|
|
|
COMMIT;
|