feat: Add update user password endpoint #1310

Merged: 17 commits, May 6, 2022

BrunoQuaresma (Collaborator) commented:

Closes #1309

@BrunoQuaresma BrunoQuaresma requested a review from a team May 5, 2022 14:03
@BrunoQuaresma BrunoQuaresma self-assigned this May 5, 2022
@BrunoQuaresma (Collaborator, Author) commented:

I realized/remembered the UI should be able to update the password for other users as well, so I think we should skip the password verification when the user is an admin and is trying to change another user's password. Or, to make it simple for BETA, I can just remove this verification or comment out the block. Thoughts?

codecov bot commented May 5, 2022

Codecov Report

Merging #1310 (671c56d) into main (0ccf010) will increase coverage by 0.07%.
The diff coverage is 60.86%.

@@            Coverage Diff             @@
##             main    #1310      +/-   ##
==========================================
+ Coverage   66.10%   66.18%   +0.07%     
==========================================
  Files         281      281              
  Lines       18424    18479      +55     
  Branches      220      220              
==========================================
+ Hits        12180    12230      +50     
- Misses       4982     4984       +2     
- Partials     1262     1265       +3     
| Flag | Coverage Δ | |
|---|---|---|
| unittest-go-macos-latest | 53.61% <54.34%> (+0.05%) | ⬆️ |
| unittest-go-postgres- | 64.97% <60.86%> (+0.09%) | ⬆️ |
| unittest-go-ubuntu-latest | 56.08% <54.34%> (+0.20%) | ⬆️ |
| unittest-go-windows-2022 | 52.04% <54.34%> (+0.16%) | ⬆️ |
| unittest-js | 71.61% <ø> (ø) | |

| Impacted Files | Coverage Δ | |
|---|---|---|
| coderd/httpmw/userparam.go | 83.67% <ø> (-2.05%) | ⬇️ |
| coderd/rbac/object.go | 100.00% <ø> (ø) | |
| coderd/users.go | 61.36% <42.30%> (+0.15%) | ⬆️ |
| codersdk/users.go | 65.17% <70.00%> (+0.22%) | ⬆️ |
| coderd/coderd.go | 94.53% <100.00%> (+0.08%) | ⬆️ |
| coderd/coderdtest/coderdtest.go | 98.86% <100.00%> (-0.02%) | ⬇️ |
| coderd/database/queries.sql.go | 78.14% <100.00%> (+0.03%) | ⬆️ |
| codersdk/provisionerdaemons.go | 61.97% <0.00%> (-5.64%) | ⬇️ |
| cli/cliui/agent.go | 77.46% <0.00%> (-5.00%) | ⬇️ |
| provisionerd/provisionerd.go | 76.17% <0.00%> (-0.94%) | ⬇️ |

... and 9 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@BrunoQuaresma BrunoQuaresma requested a review from f0ssel May 5, 2022 14:27
@f0ssel (Contributor) left a comment:

Do we not have an RBAC gate for admins yet? Kinda worried about shipping this and allowing any user to reset any other user's password.

@mafredri (Member) left a comment:

Just a few nits, other than that I think the PR looks good. 👍🏻

@BrunoQuaresma (Collaborator, Author) commented:

@f0ssel RBAC added!

@BrunoQuaresma BrunoQuaresma requested review from f0ssel and mafredri May 5, 2022 17:16
@BrunoQuaresma BrunoQuaresma requested a review from a team as a code owner May 5, 2022 17:17
@presleyp (Contributor) left a comment:

The frontend bit looks good to me!

@f0ssel (Contributor) left a comment:

Small suggestions but it looks good 👍

@@ -287,6 +287,41 @@ func TestUpdateUserProfile(t *testing.T) {
})
}

func TestUpdateUserPassword(t *testing.T) {
Contributor commented:

Let's also add some tests to make sure the rbac is working here, I'd like to ensure that the user itself cannot perform this action, and neither can other non-admin users.

@BrunoQuaresma (Collaborator, Author) commented May 5, 2022:

So from what I'm understanding we want to test:

  • A non-admin user can't update any password
  • An admin can update another user's password

Is that?

Collaborator (Author) commented:

Updated!
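
The authorization matrix discussed in this thread (an admin can update another user's password; a non-admin cannot update any password, including their own), as an added Go example that is not code from this PR or from the project. The handler, the `actor` type, the role strings and the `X-Actor-*` headers are all hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// actor is the authenticated caller; field values here are constructed.
type actor struct{ ID, Role string }

// canUpdatePassword is the admin-only gate: being the account owner is not enough.
func canUpdatePassword(a actor) bool { return a.Role == "admin" }

// passwordHandler serves PUT /users/{id}/password; X-Actor-* headers stand in for an API-key lookup.
func passwordHandler(updated map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		a := actor{r.Header.Get("X-Actor-ID"), r.Header.Get("X-Actor-Role")}
		target := strings.TrimSuffix(strings.TrimPrefix(r.URL.Path, "/users/"), "/password")
		// Authorize before the existence check so non-admins cannot probe for users.
		if !canUpdatePassword(a) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		if _, ok := updated[target]; !ok {
			http.Error(w, "user not found", http.StatusNotFound)
			return
		}
		updated[target] = true // a real handler would hash and store the new password
		w.WriteHeader(http.StatusNoContent)
	})
}

// tryUpdate sends one request as the given actor and returns the HTTP status.
func tryUpdate(h http.Handler, a actor, target string) int {
	req := httptest.NewRequest(http.MethodPut, "/users/"+target+"/password", nil)
	req.Header.Set("X-Actor-ID", a.ID)
	req.Header.Set("X-Actor-Role", a.Role)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := passwordHandler(map[string]bool{"alice": false, "bob": false})
	fmt.Println(tryUpdate(h, actor{"bob", "member"}, "bob"))   // own account, not admin
	fmt.Println(tryUpdate(h, actor{"bob", "member"}, "alice")) // other user, not admin
	fmt.Println(tryUpdate(h, actor{"root", "admin"}, "alice")) // admin
}
```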

BrunoQuaresma and others added 2 commits May 5, 2022 14:57
Co-authored-by: Garrett Delfosse <garrett@coder.com>
@@ -76,14 +76,6 @@ func ExtractUserParam(db database.Store) func(http.Handler) http.Handler {
}
}

apiKey := APIKey(r)
if apiKey.UserID != user.ID {
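
Review bot: removing the `apiKey.UserID != user.ID` comparison from `ExtractUserParam` drops the ownership check visible in this middleware, so any handler behind it that does not yet perform its own RBAC authorization will serve a request whose API key belongs to a different user than the extracted one. Since the author notes that RBAC is not yet in place for all the user routes, consider keeping the comparison as the default and bypassing it only when the caller's roles allow it, or landing the per-route authorization in this same change. Either way, add a test asserting that a non-admin calling another user's route is rejected.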
Collaborator (Author) commented:

I removed this because it was "overriding" RBAC roles. I know we don’t have the RBAC in place for all the user routes, but I can try to do that next. Probably I can send a PR on Monday. Thoughts? cc.: @f0ssel

@BrunoQuaresma BrunoQuaresma merged commit 57bb108 into main May 6, 2022
@BrunoQuaresma BrunoQuaresma deleted the bq/update-user-password branch May 6, 2022 14:20
@misskniss misskniss added this to the V2 Beta milestone May 15, 2022
Successfully merging this pull request may close these issues.

Add update user password endpoint