feature/credentials-schema-updates (#180)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/180
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>

src/main/resources/api-definition/credentials/api-paths.yaml

@@ -16,8 +16,12 @@ paths:
 
   # Credentials
 
-  /api/hs/credentials/credentials:
-    $ref: "credentials.yaml"
+  /api/hs/credentials/credentials/{credentialsUuid}/used:
+    $ref: "credentials-with-uuid-used.yaml"
 
   /api/hs/credentials/credentials/{credentialsUuid}:
     $ref: "credentials-with-uuid.yaml"
+
+  /api/hs/credentials/credentials:
+    $ref: "credentials.yaml"
+

src/main/resources/api-definition/credentials/credentials-schemas.yaml

@@ -9,7 +9,7 @@ components:
                 uuid:
                     type: string
                     format: uuid
-                twoFactorAuth:
+                totpSecret:
                     type: string
                 telephonePassword:
                     type: string
@@ -29,6 +29,9 @@ components:
                     type: array
                     items:
                         $ref: 'context-schemas.yaml#/components/schemas/Context'
+                lastUsed:
+                    type: string
+                    format: date-time
             required:
                 - uuid
                 - active
@@ -38,7 +41,7 @@ components:
         CredentialsPatch:
             type: object
             properties:
-                twoFactorAuth:
+                totpSecret:
                     type: string
                     nullable: true
                 phonePassword:
@@ -64,7 +67,7 @@ components:
                 uuid:
                     type: string
                     format: uuid
-                twoFactorAuth:
+                totpSecret:
                     type: string
                 telephonePassword:
                     type: string

src/main/resources/api-definition/credentials/credentials-with-uuid-used.yaml

@@ -0,0 +1,24 @@
+post:
+    tags:
+        - -credentials
+    description: 'Is called when credentials got used for a login.'
+    operationId: credentialsUsed
+    parameters:
+        -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
+        -   name: credentialsUuid
+            in: path
+            required: true
+            schema:
+                type: string
+                format: uuid
+    responses:
+        "200":
+            description: OK
+            content:
+                'application/json':
+                    schema:
+                        $ref: 'credentials-schemas.yaml#/components/schemas/Credentials'
+        "401":
+            $ref: 'error-responses.yaml#/components/responses/Unauthorized'
+        "403":
+            $ref: 'error-responses.yaml#/components/responses/Forbidden'

src/main/resources/db/changelog/9-hs-global/950-credentials/9510-hs-credentials.sql

@@ -13,11 +13,12 @@ create table hs_credentials.credentials
     person_uuid      uuid not null references hs_office.person(uuid),
 
     active           bool,
+    last_used        timestamp,
     global_uid       int unique,     -- w/o
     global_gid       int unique,     -- w/o
-    onboarding_token text,           -- w/o
+    onboarding_token text,           -- w/o, but can be set to null to invalidate
 
-    two_factor_auth  text,
+    totp_secret      text,
     phone_password   text,
     email_address    text,
     sms_number       text

src/main/resources/db/changelog/9-hs-global/950-credentials/9519-hs-credentials-test-data.sql

@@ -51,7 +51,7 @@ begin
 --     call rbac.grantRoleToRole(hs_credentials.context_REFERRER(context_MATRIX_internal), rbac.global_ADMIN());
 
     -- Add test credentials (linking to assumed rbac.subject UUIDs)
-    INSERT INTO hs_credentials.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, two_factor_auth, phone_password, email_address, sms_number) VALUES
+    INSERT INTO hs_credentials.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secret, phone_password, email_address, sms_number) VALUES
         ( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', 'otp-secret-1', 'phone-pw-1', 'alex@example.com', '111-222-3333'),
         ( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', 'otp-secret-2', 'phone-pw-2', 'fran@example.com', '444-555-6666');
 

src/main/resources/db/changelog/db.changelog-master.yaml

@@ -174,59 +174,61 @@ databaseChangeLog:
 
     - include:
         file: db/changelog/6-hs-booking/600-hs-booking-schema.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
-        context: "!only-office and !without-test-data"
+        context: "!only-prod-schema and !without-test-data"
     - include:
         file: db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
-        context: "!only-office and !without-test-data"
+        context: "!only-prod-schema and !without-test-data"
 
     - include:
         file: db/changelog/7-hs-hosting/700-hs-hosting-schema.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
     - include:
         file: db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
-        context: "!only-office and !without-test-data"
+        context: "!only-prod-schema and !without-test-data"
 
     - include:
         file: db/changelog/9-hs-global/9000-statistics.sql
-        context: "!only-office"
+        context: "!only-prod-schema"
 
     - include:
           file: db/changelog/9-hs-global/950-credentials/9500-hs-credentials-schema.sql
+          context: "!only-prod-schema"
     - include:
           file: db/changelog/9-hs-global/950-credentials/9510-hs-credentials.sql
+          context: "!only-prod-schema"
     #    TODO_impl: RBAC rules for _rv do not yet work properly
     #    - include:
     #          file: db/changelog/9-hs-global/950-credentials/9513-hs-credentials-rbac.sql
     - include:
           file: db/changelog/9-hs-global/950-credentials/9519-hs-credentials-test-data.sql
-          context: "!without-test-data"
+          context: "!only-prod-schema and !without-test-data"
 
     - include:
           file: db/changelog/9-hs-global/960-integrations/9600-hs-integration-schema.sql