
remove secrets from credentials (#198)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/198
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
Michael Hoennig
2025-09-09 11:47:08 +02:00
parent d7a78d0a79
commit 27b4f59a97
18 changed files with 19 additions and 186 deletions
@@ -13,13 +13,9 @@ create table hs_accounts.credentials
person_uuid uuid not null references hs_office.person(uuid),
active bool,
last_used timestamp,
global_uid int unique, -- w/o
global_gid int unique, -- w/o
onboarding_token text, -- w/o, but can be set to null to invalidate
totp_secrets text[],
phone_password text,
email_address text,
sms_number text
);
@@ -68,10 +68,10 @@ begin
-- call rbac.grantRoleToRole(hs_accounts.context_REFERRER(context_MATRIX_internal), rbac.global_ADMIN());
-- Add test credentials (linking to assumed rbac.subject UUIDs)
INSERT INTO hs_accounts.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secrets, phone_password, email_address, sms_number) VALUES
( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', ARRAY['otp-secret-1a', 'otp-secret-1b'], 'phone-pw-1', 'alex@example.com', '111-222-3333'),
( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', ARRAY['otp-secret-2'], 'phone-pw-2', 'fran@example.com', '444-555-6666'),
( userDrewSubjectUuid, 0, personDrewUuid, true, 1003, 1003, 'token-def', ARRAY['otp-secret-3'], 'phone-pw-3', 'drew@example.org', '999-888-7777');
INSERT INTO hs_accounts.credentials (uuid, version, person_uuid, active, global_uid, global_gid, email_address, sms_number) VALUES
( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'alex@example.com', '111-222-3333'),
( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'fran@example.com', '444-555-6666'),
( userDrewSubjectUuid, 0, personDrewUuid, true, 1003, 1003, 'drew@example.org', '999-888-7777');
-- Map credentials to contexts
INSERT INTO hs_accounts.context_mapping (credentials_uuid, context_uuid) VALUES
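Review bot: The secret columns are removed only by editing the `create table hs_accounts.credentials` statement in the first hunk, so a database already created from the earlier definition would presumably keep `onboarding_token`, `totp_secrets` and `phone_password` together with any values stored in them. No drop of those columns is visible in this section, though one may exist in the other changed files. If it does not, a follow-up migration such as `alter table hs_accounts.credentials drop column if exists onboarding_token, drop column if exists totp_secrets, drop column if exists phone_password;` would clear the stored secrets on existing installations. The seed insert in the second hunk sits inside a `begin` block that starts outside the hunk, so how and when that block is run cannot be judged from here.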