Skip to content

feat: implement api for "forgot password?" flow #14915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 25 commits into from
Oct 4, 2024
Merged

feat: implement api for "forgot password?" flow #14915

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
b44adff
feat: add api for forgotten password flow
DanielleMaywood Sep 30, 2024
60fc32c
fix: appease linter
DanielleMaywood Oct 1, 2024
32a8df4
fix: give 20 minutes for one time passcode
DanielleMaywood Oct 1, 2024
e486923
chore: changes from feedback
DanielleMaywood Oct 2, 2024
da87e9b
fix: make ChangePasswordWithOneTimePassword expect StatusOK
DanielleMaywood Oct 2, 2024
39fa0f1
docs: run 'make gen'
DanielleMaywood Oct 2, 2024
b89dfd7
test: add more tests
DanielleMaywood Oct 2, 2024
714e316
test: ensure login fails before changing password
DanielleMaywood Oct 2, 2024
c4ed205
refactor: test and dbmem.UpdateUserHashedOneTimePasscode
DanielleMaywood Oct 2, 2024
fa9d426
fix: do not enqueue notification if user.ID is uuid.Nil
DanielleMaywood Oct 2, 2024
883a231
refactor: wrap GetUserByEmailOrUsername in transaction
DanielleMaywood Oct 2, 2024
bff384b
refactor: error handling
DanielleMaywood Oct 2, 2024
26cc758
fix: check one-time passcode expiry
DanielleMaywood Oct 2, 2024
25581c2
test: one-time passcode becomes invalid after use
DanielleMaywood Oct 2, 2024
764b0cc
Merge branch 'main' into dm-request-and-submit-passcode
DanielleMaywood Oct 2, 2024
6078409
fix: make changes from feedback
DanielleMaywood Oct 3, 2024
3a0946c
refactor: change endpoints
DanielleMaywood Oct 3, 2024
1a7ad7a
fix: update assertSecurityDefined links
DanielleMaywood Oct 3, 2024
6bbcff2
refactor: make validity period an option and test it
DanielleMaywood Oct 3, 2024
dfc32b1
test: refactor tests to reduce duplication
DanielleMaywood Oct 3, 2024
9f80082
test: ensure cannot login after failed password change
DanielleMaywood Oct 4, 2024
fe9b3f8
fix: imports
DanielleMaywood Oct 4, 2024
b42b73c
test: ensure can login with old credentials
DanielleMaywood Oct 4, 2024
034a7d4
chore: apply changes based on feedback
DanielleMaywood Oct 4, 2024
e14d43b
chore: add missing comment
DanielleMaywood Oct 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
feat: add api for forgotten password flow
  • Loading branch information
@DanielleMaywood
DanielleMaywood committed Oct 1, 2024
commit b44adff71e913ed58d08e5692cf571c042baae3a
88 changes: 88 additions & 0 deletions coderd/apidoc/docs.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

74 changes: 74 additions & 0 deletions coderd/apidoc/swagger.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions coderd/coderd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -983,6 +983,8 @@ func New(options *Options) *API {
// This value is intentionally increased during tests.
r.Use(httpmw.RateLimit(options.LoginRateLimit, time.Minute))
r.Post("/login", api.postLogin)
r.Post("/request-one-time-passcode", api.postRequestOneTimePasscode)
r.Post("/change-password-with-one-time-passcode", api.postChangePasswordWithOneTimePasscode)
r.Route("/oauth2", func(r chi.Router) {
r.Route("/github", func(r chi.Router) {
r.Use(
Expand Down
4 changes: 3 additions & 1 deletion coderd/coderdtest/swaggerparser.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,9 @@ func assertSecurityDefined(t *testing.T, comment SwaggerComment) {
if comment.router == "/updatecheck" ||
comment.router == "/buildinfo" ||
comment.router == "/" ||
comment.router == "/users/login" {
comment.router == "/users/login" ||
comment.router == "/users/request-one-time-passcode" ||
comment.router == "/users/change-password-with-one-time-passcode" {
return // endpoints do not require authorization
}
assert.Equal(t, "CoderSessionToken", comment.security, "@Security must be equal CoderSessionToken")
Expand Down
8 changes: 8 additions & 0 deletions coderd/database/dbauthz/dbauthz.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3628,6 +3628,14 @@ func (q *querier) UpdateUserGithubComUserID(ctx context.Context, arg database.Up
return q.db.UpdateUserGithubComUserID(ctx, arg)
}

func (q *querier) UpdateUserHashedOneTimePasscode(ctx context.Context, arg database.UpdateUserHashedOneTimePasscodeParams) error {
if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
return err
}

return q.db.UpdateUserHashedOneTimePasscode(ctx, arg)
}

func (q *querier) UpdateUserHashedPassword(ctx context.Context, arg database.UpdateUserHashedPasswordParams) error {
user, err := q.db.GetUserByID(ctx, arg.ID)
if err != nil {
Expand Down
6 changes: 6 additions & 0 deletions coderd/database/dbauthz/dbauthz_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1187,6 +1187,12 @@ func (s *MethodTestSuite) TestUser() {
ID: u.ID,
}).Asserts(u, policy.ActionUpdatePersonal).Returns()
}))
s.Run("UpdateUserHashedOneTimePasscode", s.Subtest(func(db database.Store, check *expects) {
u := dbgen.User(s.T(), db, database.User{})
check.Args(database.UpdateUserHashedOneTimePasscodeParams{
ID: u.ID,
}).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns()
}))
s.Run("UpdateUserQuietHoursSchedule", s.Subtest(func(db database.Store, check *expects) {
u := dbgen.User(s.T(), db, database.User{})
check.Args(database.UpdateUserQuietHoursScheduleParams{
Expand Down
21 changes: 21 additions & 0 deletions coderd/database/dbmem/dbmem.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9077,6 +9077,27 @@ func (q *FakeQuerier) UpdateUserGithubComUserID(_ context.Context, arg database.
return sql.ErrNoRows
}

func (q *FakeQuerier) UpdateUserHashedOneTimePasscode(ctx context.Context, arg database.UpdateUserHashedOneTimePasscodeParams) error {
err := validateDatabaseType(arg)
if err != nil {
return err
}

q.mutex.Lock()
defer q.mutex.Unlock()

for i, user := range q.users {
if user.ID != arg.ID {
continue
}
user.HashedOneTimePasscode = arg.HashedOneTimePasscode
user.OneTimePasscodeExpiresAt = arg.OneTimePasscodeExpiresAt
q.users[i] = user
return nil
}
return sql.ErrNoRows
}

func (q *FakeQuerier) UpdateUserHashedPassword(_ context.Context, arg database.UpdateUserHashedPasswordParams) error {
if err := validateDatabaseType(arg); err != nil {
return err
Expand Down
7 changes: 7 additions & 0 deletions coderd/database/dbmetrics/dbmetrics.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 14 additions & 0 deletions coderd/database/dbmock/dbmock.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions coderd/database/migrations/000260_notifications_forgot_password.down.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DELETE FROM notification_templates WHERE id = '62f86a30-2330-4b61-a26d-311ff3b608cf';
4 changes: 4 additions & 0 deletions coderd/database/migrations/000260_notifications_forgot_password.up.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
INSERT INTO notification_templates (id, name, title_template, body_template, "group", actions)
VALUES ('62f86a30-2330-4b61-a26d-311ff3b608cf', 'One Time Passcode', E'Your one time passcode is enclosed.',
E'Hi {{.UserName}},\n\nA request to reset the password for your Coder account has been made. Your one time passcode is:\n\n**{{.Labels.one_time_passcode}}**\n\nIf you did not request to reset your password, you can ignore this message.',
'User Events', '[]'::jsonb);
1 change: 1 addition & 0 deletions coderd/database/querier.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 24 additions & 1 deletion coderd/database/queries.sql.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading