mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-23 11:02:35 +03:00

Add a way to lock users

Quentin Gliech
2023-07-28 18:25:54 +02:00
parent 8f01d1198c
commit 40b49cdd10
16 changed files with 277 additions and 12 deletions


@@ -29,6 +29,8 @@ pub enum Users {
UserId,
Username,
PrimaryUserEmailId,
CreatedAt,
LockedAt,
}
#[derive(sea_query::Iden)]


@@ -55,9 +55,8 @@ struct UserLookup {
user_id: Uuid,
username: String,
primary_user_email_id: Option<Uuid>,
#[allow(dead_code)]
created_at: DateTime<Utc>,
locked_at: Option<DateTime<Utc>>,
}
impl From<UserLookup> for User {
@@ -68,6 +67,8 @@ impl From<UserLookup> for User {
username: value.username,
sub: id.to_string(),
primary_user_email_id: value.primary_user_email_id.map(Into::into),
created_at: value.created_at,
locked_at: value.locked_at,
}
}
}
@@ -93,6 +94,7 @@ impl<'c> UserRepository for PgUserRepository<'c> {
, username
, primary_user_email_id
, created_at
, locked_at
FROM users
WHERE user_id = $1
"#,
@@ -124,6 +126,7 @@ impl<'c> UserRepository for PgUserRepository<'c> {
, username
, primary_user_email_id
, created_at
, locked_at
FROM users
WHERE username = $1
"#,
@@ -176,6 +179,8 @@ impl<'c> UserRepository for PgUserRepository<'c> {
username,
sub: id.to_string(),
primary_user_email_id: None,
created_at,
locked_at: None,
})
}
@@ -203,4 +208,72 @@ impl<'c> UserRepository for PgUserRepository<'c> {
Ok(exists)
}
#[tracing::instrument(
name = "db.user.lock",
skip_all,
fields(
db.statement,
%user.id,
),
err,
)]
async fn lock(&mut self, clock: &dyn Clock, mut user: User) -> Result<User, Self::Error> {
if user.locked_at.is_some() {
return Ok(user);
}
let locked_at = clock.now();
let res = sqlx::query!(
r#"
UPDATE users
SET locked_at = $1
WHERE user_id = $2
"#,
locked_at,
Uuid::from(user.id),
)
.traced()
.execute(&mut *self.conn)
.await?;
DatabaseError::ensure_affected_rows(&res, 1)?;
user.locked_at = Some(locked_at);
Ok(user)
}
#[tracing::instrument(
name = "db.user.unlock",
skip_all,
fields(
db.statement,
%user.id,
),
err,
)]
async fn unlock(&mut self, mut user: User) -> Result<User, Self::Error> {
if user.locked_at.is_none() {
return Ok(user);
}
let res = sqlx::query!(
r#"
UPDATE users
SET locked_at = NULL
WHERE user_id = $1
"#,
Uuid::from(user.id),
)
.traced()
.execute(&mut *self.conn)
.await?;
DatabaseError::ensure_affected_rows(&res, 1)?;
user.locked_at = None;
Ok(user)
}
}
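Review bot: In `lock`, the early return on `user.locked_at.is_some()` trusts the caller's in-memory `User`, so if that copy is stale (the row was unlocked after it was loaded) the call returns `Ok` without writing anything and the account stays unlocked in the database. For a control meant to deny access it is safer to drop the short-circuit and let the statement be idempotent, for example `SET locked_at = COALESCE(locked_at, $1)` with `RETURNING locked_at`, and copy the returned value into `user.locked_at`. The matching short-circuit in `unlock` has the mirror-image staleness issue, but there a skipped write leaves the account locked, which is the less harmful direction. Separately, nothing visible in this section ends existing sessions or tokens, so a doc comment on `lock` should state that it only records `locked_at` and that callers are presumably expected to check that field before granting access. Both methods are fully inside the hunk; the enclosing `impl` block starts outside it.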


@@ -53,6 +53,8 @@ struct SessionLookup {
user_id: Uuid,
user_username: String,
user_primary_user_email_id: Option<Uuid>,
user_created_at: DateTime<Utc>,
user_locked_at: Option<DateTime<Utc>>,
}
impl TryFrom<SessionLookup> for BrowserSession {
@@ -65,6 +67,8 @@ impl TryFrom<SessionLookup> for BrowserSession {
username: value.user_username,
sub: id.to_string(),
primary_user_email_id: value.user_primary_user_email_id.map(Into::into),
created_at: value.user_created_at,
locked_at: value.user_locked_at,
};
Ok(BrowserSession {
@@ -99,6 +103,8 @@ impl<'c> BrowserSessionRepository for PgBrowserSessionRepository<'c> {
, u.user_id
, u.username AS "user_username"
, u.primary_user_email_id AS "user_primary_user_email_id"
, u.created_at AS "user_created_at"
, u.locked_at AS "user_locked_at"
FROM user_sessions s
INNER JOIN users u
USING (user_id)
@@ -232,6 +238,14 @@ impl<'c> BrowserSessionRepository for PgBrowserSessionRepository<'c> {
Expr::col((Users::Table, Users::PrimaryUserEmailId)),
SessionLookupIden::UserPrimaryUserEmailId,
)
.expr_as(
Expr::col((Users::Table, Users::CreatedAt)),
SessionLookupIden::UserCreatedAt,
)
.expr_as(
Expr::col((Users::Table, Users::LockedAt)),
SessionLookupIden::UserLockedAt,
)
.from(UserSessions::Table)
.inner_join(
Users::Table,