Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(user): implement force password reset #3572

Merged
merged 5 commits into from
Feb 9, 2024
Merged

feat(user): implement force password reset #3572

merged 5 commits into from
Feb 9, 2024

Conversation

apoorvdixit88
Copy link
Contributor

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

For newly invited users, add support to have check for whether password has been changed once or not.

  • Use enum IsChangePasswordRequired to have this check.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

For users with email feature flag disabled, there is no support to know whether the newly invited user has change password or not.

How did you test it?

For Test
Invite user

curl --location 'http://localhost:8080/user/user/invite' \
--header 'Authorization: Bearer JWT' \
--header 'Content-Type: application/json' \
--data-raw '{
  "email": "[email protected]",
    "name": "test3",
    "role_id": "merchant_admin"
}
'

Invited user signin

curl --location 'http://localhost:8080/user/signin' \
--header 'Content-Type: application/json' \
--header 'Cookie: token=JWT' \
--data-raw '{
    
    
    "email": "[email protected]",
    "password": "926fc057-df2e-42af-aada-5e403487f3aa"

}'

Check value of Enum IsChangePasswordRequired

curl --location --request GET 'http://localhost:8080/user/data?keys=IsChangePasswordRequired' \
--header 'Authorization: Bearer JWT' \
--header 'Content-Type: application/json' \
--data '
'

Response:

[
    {
        "IsChangePasswordRequired": true
    }
]

Change Password:

curl --location 'http://localhost:8080/user/change_password' \
--header 'Content-Type: application/json' \
--header 'Cookie: token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiMWZjNzgyOTUtM2JiMy00OGJjLThlZDgtNzFjMzVjMzMxYWU2IiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNjk3NzE2ODcwIiwicm9sZV9pZCI6Im1lcmNoYW50X2FkbWluIiwiZXhwIjoxNjk3ODg5NjcxLCJvcmdfaWQiOiJvcmdfejQ5ZExMeTdmbllUODN5TDY3clEifQ.CJzEQ2qbhn-qUiiVBSdvCJiLvWp-5wCF9R54gth6QbQ' \
--header 'Authorization: Bearer JWT' \
--data '{
    "old_password": "926fc057-df2e-42af-aada-5e403487f3aa",
    "new_password": "test"
}
'

Again checking the value of enum after login:

curl --location --request GET 'http://localhost:8080/user/data?keys=IsChangePasswordRequired' \
--header 'Authorization: Bearer JWT' \
--header 'Content-Type: application/json' \
--data '
'

Response should be:

[
    {
        "IsChangePasswordRequired": false
    }
]

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
  • I added a CHANGELOG entry if applicable

@apoorvdixit88 apoorvdixit88 added C-feature Category: Feature request or enhancement S-waiting-on-review Status: This PR has been implemented and needs to be reviewed R-waiting-on-L1 A-users Area: Users labels Feb 7, 2024
@apoorvdixit88 apoorvdixit88 self-assigned this Feb 7, 2024
@apoorvdixit88 apoorvdixit88 requested review from a team as code owners February 7, 2024 08:25
@apoorvdixit88 apoorvdixit88 linked an issue Feb 7, 2024 that may be closed by this pull request
feat: force password for user #3573
Closed
ThisIsMani
ThisIsMani reviewed Feb 7, 2024
View reviewed changes
ThisIsMani
ThisIsMani reviewed Feb 8, 2024
View reviewed changes
Copy link
Contributor

@ThisIsMani ThisIsMani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we rename the other db delete function.

ThisIsMani
ThisIsMani previously approved these changes Feb 8, 2024
View reviewed changes
Copy link
Contributor

@ThisIsMani ThisIsMani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor concerns

crates/router/src/core/user.rs Outdated
status: invitation_status,
created_by: user_from_token.user_id.clone(),
last_modified_by: user_from_token.user_id,
last_modified_by: user_from_token.user_id.clone(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't have to clone this probably.

ThisIsMani
ThisIsMani previously approved these changes Feb 8, 2024
View reviewed changes
racnan
racnan requested changes Feb 8, 2024
View reviewed changes
crates/router/src/core/user.rs Outdated
Comment on lines 313 to 324
#[cfg(not(feature = "email"))]
{
state
.store
.delete_user_scoped_dashboard_metadata_by_merchant_id_data_key(
&user_from_token.user_id,
&user_from_token.merchant_id,
diesel_models::enums::DashboardMetadata::IsChangePasswordRequired,
)
.await
.ok();
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log the error.

crates/router/src/core/user.rs
role_id: request.role_id.clone(),
};

let set_metadata_request = SetMetaDataRequest::IsChangePasswordRequired;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unnecessary variable assignment.

@likhinbopanna likhinbopanna removed the S-waiting-on-review Status: This PR has been implemented and needs to be reviewed label Feb 9, 2024
@likhinbopanna likhinbopanna added this pull request to the merge queue Feb 9, 2024
Merged via the queue into main with commit cfa10aa Feb 9, 2024
10 of 12 checks passed
@likhinbopanna likhinbopanna deleted the force-password branch February 9, 2024 10:33
Narayanbhat166
Narayanbhat166 reviewed Feb 15, 2024
View reviewed changes
crates/diesel_models/src/enums.rs
@@ -511,4 +511,5 @@ pub enum DashboardMetadata {
ConfigureWoocom,
SetupWoocomWebhook,
IsMultipleConfiguration,
IsChangePasswordRequired,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs a migration change right @apoorvdixit88?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Narayanbhat166 Narayanbhat166 Narayanbhat166 left review comments

@racnan racnan racnan approved these changes

@ThisIsMani ThisIsMani ThisIsMani approved these changes

Assignees

@apoorvdixit88 apoorvdixit88

Labels
A-users Area: Users C-feature Category: Feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: force password for user
6 participants
@apoorvdixit88 @Narayanbhat166 @racnan @ThisIsMani @SanchithHegde @likhinbopanna