Commit graph

131 commits

Author SHA1 Message Date
Daniel Krol
6672175a25 Server test/implement send verify-account email 2022-07-27 19:45:09 -04:00
Daniel Krol
f15875c4a6 Verify account endpoint 2022-07-26 16:36:57 -04:00
Daniel Krol
0c6964df0e Oops delete way outdated comment 2022-07-26 12:48:44 -04:00
Daniel Krol
2f4ffd752c Temporarily fix integration tests for email verify
Require email verify. As of now we don't have the "verified" bit in the storage layer so it passes. Once we put that in, we'll have to go back and add a call to the verification endpoint.
2022-07-26 11:21:55 -04:00
Daniel Krol
aee351a2b1 Don't allow password change for unverified accounts
Mainly because wallet change is tied up in it
2022-07-26 11:18:43 -04:00
Daniel Krol
5985631410 Don't hand out auth tokens if they're not verified 2022-07-26 10:53:31 -04:00
Daniel Krol
55db62e2f9 Register endpoint handles "verified" status
Based on the verification mode specified in env. The db doesn't do anything with it yet.
2022-07-26 10:16:44 -04:00
Daniel Krol
832778ffd1 env: rename things, export type 2022-07-25 18:02:25 -04:00
Daniel Krol
f792ba5846 env package provides config values 2022-07-24 16:03:37 -04:00
Daniel Krol
ade526f4f9 Create environmental var package 2022-07-23 19:03:51 -04:00
Daniel Krol
36659ef720 More unique metric name; comment 2022-07-23 16:47:18 -04:00
Daniel Krol
41b14dad44 Prometheus - track wallet requests 2022-07-22 19:49:30 -04:00
Daniel Krol
3ff36f169c Add prometheus packages 2022-07-22 19:29:08 -04:00
Daniel Krol
4f8a648cc4 Notes for auditor. 2022-07-22 16:37:27 -04:00
Daniel Krol
aefda1245b Make emails case insensitive (for now).
Prevents duplicate accounts. Also allows case insensitive search (user id, salt seed, etc) while still having an index. This is done by storing normalized as a separate field from originally formated (which we'll use for sending emails, etc).
2022-07-22 16:29:03 -04:00
Daniel Krol
f10cc8aa26 Salt Seed, used to generate secrets on client 2022-07-21 19:10:16 -04:00
Daniel Krol
23f9d45ed5 More useful 404, particularly for API version change 2022-07-21 15:14:21 -04:00
Daniel Krol
4430013bae KDF for server password. Save salt in DB. 2022-07-14 22:04:03 -04:00
Daniel Krol
dbfdff167b Confirm scrypt parameters; remove comment 2022-07-13 06:44:42 -04:00
Daniel Krol
ed8b22363e Hosting instructions 2022-07-11 22:25:43 -04:00
Daniel Krol
55686cb7b5 Change module name to new repo account 2022-07-11 22:14:53 -04:00
Daniel Krol
7833015f56 Clear up what ErrNoWallet means 2022-07-11 10:41:18 -04:00
Daniel Krol
2e0eb736f9 Remove outdated comment 2022-07-11 09:51:22 -04:00
Daniel Krol
aa7dd09816 Remove old comment 2022-07-11 09:46:45 -04:00
Daniel Krol
6646e9a4f9 validate() functions return error messages 2022-07-11 09:42:08 -04:00
Daniel Krol
18e30bd6b1 Outdated comment; version is now in endpoint path 2022-07-08 13:17:44 -04:00
Daniel Krol
f9e3013e64 Test client: Don't allow password change if there are pending local wallet changes.
This is in line with:

https://github.com/orblivion/lbry-wallet-sync-draft/blob/master/spec/user-flows.md#push-local-password-change

This is the only rule we have to go out of our way to implement, and it's for UI simplicity, and/or to keep the hierarchy consistent. The rest of the rules you see there sort of automatically get enforced with the existing guardrails.
2022-07-08 12:55:57 -04:00
Daniel Krol
a9f88a552c Update test client README for change password 2022-07-07 12:33:45 -04:00
Daniel Krol
231cb1b79b Test client uses new password change endpoint 2022-07-06 17:55:15 -04:00
Daniel Krol
84640905b5 Integration test for password change 2022-07-06 16:45:50 -04:00
Daniel Krol
f8d51f9b31 Rename file to be more uniform 2022-07-06 15:26:26 -04:00
Daniel Krol
9aa2082a7c Change a check to be like other times I made that check in the file. 2022-07-06 15:22:45 -04:00
Daniel Krol
2b55d0f678 use QueryRow in store.go for cleaner code 2022-07-06 15:15:17 -04:00
Daniel Krol
125e461d95 Change password endpoint implemented and tested 2022-07-06 14:03:59 -04:00
Daniel Krol
bce47979f6 Comments, remove some old junk 2022-07-06 13:00:23 -04:00
Daniel Krol
3829155308 ErrNoUId -> ErrWrongCredentials 2022-07-06 12:44:35 -04:00
Daniel Krol
02a5b9ce24 store.ChangePasswordNoWallet implement and test 2022-07-05 17:12:14 -04:00
Daniel Krol
41b65d08ab Add test to make sure tokens don't set expiration on error. 2022-07-04 11:50:00 -04:00
Daniel Krol
37fae6436b Create and test password change method
Includes updating the wallet if the user has one
2022-07-04 11:41:08 -04:00
Daniel Krol
f8e5ada1ee Comment 2022-06-29 11:15:00 -04:00
Daniel Krol
d121b115f2 Fix intergration test after moving functions around 2022-06-29 11:10:29 -04:00
Daniel Krol
8fce2cd868 Don't check that userId is non-zero; it's already handled by ForeignKey constraints 2022-06-29 00:12:01 -04:00
Daniel Krol
a37b64faad Actually put in foreign key constraints! Also test wallet and account empty db fields. 2022-06-29 00:06:43 -04:00
Daniel Krol
fac36a7931 Reject empty fields for insert token 2022-06-28 18:43:43 -04:00
Daniel Krol
bb9b2b845e Rename some password variables 2022-06-27 21:16:07 -04:00
Daniel Krol
098319bc77 Safer and slightly more efficient auth token query 2022-06-27 16:18:16 -04:00
Daniel Krol
dce5f8dd6c Don't use store functions to set up store function tests 2022-06-27 16:10:31 -04:00
Daniel Krol
0a74c67db0 Don't rely on store functions to verify other store functions in tests 2022-06-27 15:59:56 -04:00
Daniel Krol
535799299e Rename test file 2022-06-27 11:39:44 -04:00
Daniel Krol
897ee4b9a7 Move tests around a bit more 2022-06-27 11:36:58 -04:00