feat: add password_hash and id fields to admin create user #1641

Merged
merged 5 commits into from
Jul 3, 2024

@kangmingtay kangmingtay commented Jun 28, 2024

What kind of change does this PR introduce?

  • Add a password_hash field to admin create user, which allows an admin to create a user with a given password hash (argon2 or bcrypt)
  • Add an id field to admin create user, which allows an admin to create a user with a custom id
  • To prevent someone from creating a bunch of users with a high bcrypt hashing cost, we opt to rehash the password with the default cost (10) on subsequent sign-in.

What is the current behavior?

  • Only plaintext passwords are allowed, which will subsequently be hashed internally

What is the new behavior?

Example request using the bcrypt hash of "test":

```bash
$ curl -X POST 'http://localhost:9999/admin/users' \
-H 'Authorization: Bearer <admin_jwt>' \
-H 'Content-Type: application/json' \
-d '{"email": "foo@example.com", "password_hash": "$2y$10$SXEz2HeT8PUIGQXo9yeUIem8KzNxgG0d7o/.eGj2rj8KbRgAuRVlq"}'
```

Example request using a custom id:

```bash
$ curl -X POST 'http://localhost:9999/admin/users' \
-H 'Authorization: Bearer <admin_jwt>' \
-H 'Content-Type: application/json' \
-d '{"id": "2a8813c2-bda7-47f0-94a6-49fcfdf61a70", "email": "foo@example.com"}'
```


@kangmingtay kangmingtay requested a review from a team as a code owner June 28, 2024 23:50
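
An added example, not part of the PR or the project's code: a standard-library-only Go check that an import path could run on a supplied `password_hash` before storing it, recognising the bcrypt and argon2 formats and flagging bcrypt hashes whose cost differs from the default (10) for rehash at the next sign-in. `HashInfo`, `InspectPasswordHash` and the rehash policy are assumptions of this example; the second sample hash is constructed by changing the cost field of the PR's hash.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// DefaultBcryptCost is the default cost (10) named in the PR description.
const DefaultBcryptCost = 10

var (
	// "$2a$", "$2b$" or "$2y$", two-digit cost, then 22-char salt + 31-char digest.
	bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)
	// PHC string, e.g. $argon2id$v=19$m=65536,t=3,p=4$<salt>$<digest>.
	argon2Re = regexp.MustCompile(`^\$argon2(id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$`)
)

// HashInfo (hypothetical type) is what the caller learns before storing a hash.
type HashInfo struct {
	Algorithm   string
	BcryptCost  int  // 0 for argon2
	NeedsRehash bool // assumption: true when the bcrypt cost differs from the default
}

// InspectPasswordHash (hypothetical helper) checks the format only, not the password.
func InspectPasswordHash(h string) (HashInfo, error) {
	if m := bcryptRe.FindStringSubmatch(h); m != nil {
		cost, _ := strconv.Atoi(m[1])
		if cost < 4 || cost > 31 { // bcrypt's valid cost range
			return HashInfo{}, fmt.Errorf("bcrypt cost %d outside 4..31", cost)
		}
		return HashInfo{Algorithm: "bcrypt", BcryptCost: cost, NeedsRehash: cost != DefaultBcryptCost}, nil
	}
	if m := argon2Re.FindStringSubmatch(h); m != nil {
		return HashInfo{Algorithm: "argon2" + m[1]}, nil
	}
	return HashInfo{}, errors.New("unsupported or malformed password hash")
}

func main() {
	// First value: the hash from the PR. Second: constructed, cost field changed to 14.
	for _, h := range []string{
		"$2y$10$SXEz2HeT8PUIGQXo9yeUIem8KzNxgG0d7o/.eGj2rj8KbRgAuRVlq",
		"$2y$14$SXEz2HeT8PUIGQXo9yeUIem8KzNxgG0d7o/.eGj2rj8KbRgAuRVlq",
	} {
		fmt.Println(InspectPasswordHash(h))
	}
}
```

A format check like this only rejects malformed input and surfaces the cost; the stored hash is still only verified when the user signs in.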
@coveralls

coveralls commented Jun 28, 2024

Pull Request Test Coverage Report for Build 9719783224

Details

  • 50 of 63 (79.37%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.09%) to 57.807%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/api/admin.go | 8 | 10 | 80.0% |
| internal/crypto/password.go | 20 | 31 | 64.52% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 9700150048 | 0.09% |
| Covered Lines | 8752 |
| Relevant Lines | 15140 |

💛 - Coveralls

@coveralls

coveralls commented Jun 29, 2024

Pull Request Test Coverage Report for Build 9720581586

Details

  • 62 of 79 (78.48%) changed or added relevant lines in 5 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.1%) to 57.834%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/api/admin.go | 8 | 10 | 80.0% |
| internal/models/user.go | 31 | 35 | 88.57% |
| internal/crypto/password.go | 21 | 32 | 65.63% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 9700150048 | 0.1% |
| Covered Lines | 8763 |
| Relevant Lines | 15152 |

💛 - Coveralls

@kangmingtay kangmingtay force-pushed the km/update-admin-create-user branch from 5b3b5ea to 5a550fd Compare June 29, 2024 01:59
@coveralls

coveralls commented Jun 29, 2024

Pull Request Test Coverage Report for Build 9720699259

Details

  • 64 of 79 (81.01%) changed or added relevant lines in 5 files are covered.
  • 84 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.2%) to 57.896%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/models/user.go | 31 | 35 | 88.57% |
| internal/crypto/password.go | 21 | 32 | 65.63% |

| Files with Coverage Reduction | New Missed Lines | % |
| --- | --- | --- |
| internal/api/admin.go | 84 | 65.27% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 9700150048 | 0.2% |
| Covered Lines | 8773 |
| Relevant Lines | 15153 |

💛 - Coveralls

@coveralls

coveralls commented Jun 29, 2024

Pull Request Test Coverage Report for Build 9720709431

Details

  • 65 of 80 (81.25%) changed or added relevant lines in 5 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.2%) to 57.893%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/models/user.go | 31 | 35 | 88.57% |
| internal/crypto/password.go | 21 | 32 | 65.63% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 9700150048 | 0.2% |
| Covered Lines | 8772 |
| Relevant Lines | 15152 |

💛 - Coveralls

@kangmingtay kangmingtay changed the title feat: add password_hash field to admin create user feat: add password_hash and id fields to admin create user Jul 3, 2024
@coveralls

coveralls commented Jul 3, 2024

Pull Request Test Coverage Report for Build 9770704831

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 74 of 89 (83.15%) changed or added relevant lines in 5 files are covered.
  • 15 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.2%) to 57.948%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/models/user.go | 31 | 35 | 88.57% |
| internal/crypto/password.go | 21 | 32 | 65.63% |

| Files with Coverage Reduction | New Missed Lines | % |
| --- | --- | --- |
| internal/models/one_time_token.go | 15 | 67.26% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 9700150048 | 0.2% |
| Covered Lines | 8789 |
| Relevant Lines | 15167 |

💛 - Coveralls

@J0 J0 left a comment

Great work, thanks! 💯

@coveralls

coveralls commented Jul 3, 2024

Pull Request Test Coverage Report for Build 9783281044

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 88 of 105 (83.81%) changed or added relevant lines in 5 files are covered.
  • 15 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.2%) to 57.953%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/api/admin.go | 34 | 36 | 94.44% |
| internal/models/user.go | 31 | 35 | 88.57% |
| internal/crypto/password.go | 21 | 32 | 65.63% |

| Files with Coverage Reduction | New Missed Lines | % |
| --- | --- | --- |
| internal/models/one_time_token.go | 15 | 67.26% |

| Totals | Coverage Status |
| --- | --- |
| Change from base Build 9700150048 | 0.2% |
| Covered Lines | 8792 |
| Relevant Lines | 15171 |

💛 - Coveralls

@kangmingtay kangmingtay merged commit 20d59f1 into master Jul 3, 2024
2 checks passed
@kangmingtay kangmingtay deleted the km/update-admin-create-user branch July 3, 2024 19:13
J0 pushed a commit that referenced this pull request Jul 3, 2024
🤖 I have created a release *beep* *boop*
---


##
[2.155.0](v2.154.2...v2.155.0)
(2024-07-03)


### Features

* add `password_hash` and `id` fields to admin create user
([#1641](#1641))
([20d59f1](20d59f1))


### Bug Fixes

* improve mfa verify logs
([#1635](#1635))
([d8b47f9](d8b47f9))
* invited users should have a temporary password generated
([#1644](#1644))
([3f70d9d](3f70d9d))
* upgrade golang-jwt to v5
([#1639](#1639))
([2cb97f0](2cb97f0))
* use pointer for `user.EncryptedPassword`
([#1637](#1637))
([bbecbd6](bbecbd6))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 15, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 15, 2024