`e4fdfc3`

S10: login restore-on-login hook + audit actions for account_deleted/restored

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 6 days ago

SHA: e4fdfc3a53679a3f1022d88c98dcac68db2e9049
Parents: f080f02
Tree: e058fc8

3 changed files

Status	File	+	-
M	`internal/auth/audit/audit.go`	2	0
M	`internal/web/handlers/auth/auth.go`	23	1
M	`internal/web/handlers/auth/auth_test.go`	14	1

internal/auth/audit/audit.gomodified

  	ActionPATCreated           Action = "pat_created"
  	ActionPATRevoked           Action = "pat_revoked"
  	ActionUsernameChanged      Action = "username_changed"
 +	ActionAccountDeleted       Action = "account_deleted"
 +	ActionAccountRestored      Action = "account_restored"
+ )
  // Target is a typed target-type constant.

internal/web/handlers/auth/auth.gomodified

  			r.Post("/settings/notifications", h.settingsNotificationsSubmit)
  			r.Get("/settings/sessions", h.settingsSessionsList)
  			r.Post("/settings/sessions/logout-everywhere", h.settingsSessionsLogoutAll)
 +			r.Get("/settings/danger", h.settingsDangerForm)
 +			r.Post("/settings/danger", h.settingsDangerDelete)
  			r.Get("/settings/keys", h.sshKeysList)
  			r.Post("/settings/keys", h.sshKeysAdd)
  			r.Post("/settings/keys/{id}/delete", h.sshKeysDelete)
  		return
+ 	}
 -	user, err := h.q.GetUserByUsername(r.Context(), h.d.Pool, username)
 +	// IncludingDeleted lets us spot soft-deleted users so we can restore
 +	// them on login during the grace window. Past the window they look
 +	// indistinguishable from "doesn't exist" — same response, same timing.
 +	user, err := h.q.GetUserByUsernameIncludingDeleted(r.Context(), h.d.Pool, username)
  	if err != nil {
  		// User doesn't exist — still hash to keep timing constant.
  		password.VerifyAgainstDummy(pw)
  		render("Incorrect username or password.")
  		return
+ 	}
 +	if user.DeletedAt.Valid && time.Since(user.DeletedAt.Time) >= deletionGraceWindow {
 +		password.VerifyAgainstDummy(pw)
 +		render("Incorrect username or password.")
 +		return
 +	}
  	ok, err := password.Verify(pw, user.PasswordHash)
  	if err != nil {
  		render("Incorrect username or password.")
  		return
+ 	}
++
 +	// Restore-on-login: a within-grace soft-deleted user gets undeleted
 +	// the moment they prove ownership of the password. Best-effort: a
 +	// failed restore doesn't block the login (the row stays
 +	// soft-deleted; UI will surface the issue).
 +	if user.DeletedAt.Valid {
 +		if err := h.q.RestoreUserAccount(r.Context(), h.d.Pool, user.ID); err != nil {
 +			h.d.Logger.WarnContext(r.Context(), "login: restore", "error", err)
 +		} else {
 +			user.DeletedAt.Valid = false
 +		}
 +	}
  	if user.SuspendedAt.Valid {
  		render("This account has been suspended.")
  		return

internal/web/handlers/auth/auth_test.gomodified

  	"time"
  	"github.com/go-chi/chi/v5"
 +	"github.com/jackc/pgx/v5/pgxpool"
  	"github.com/justinas/nosurf"
  	"github.com/tenseleyFlow/shithub/internal/auth/email"
  var fastArgon = password.Params{Memory: 16 * 1024, Time: 1, Threads: 1, SaltLen: 16, KeyLen: 32}
  func newTestServer(t *testing.T, requireVerify bool) (*httptest.Server, *captureSender) {
 +	srv, _, captor := newTestServerWithPool(t, requireVerify)
 +	return srv, captor
 +}
++
 +// newTestServerWithPool is identical to newTestServer but also exposes
 +// the underlying pool so tests that need to manipulate DB state (e.g.
 +// backdating timestamps) can do so against the SAME database the server
 +// is reading from. Use the simpler newTestServer when no DB poking is
 +// needed.
 +func newTestServerWithPool(t *testing.T, requireVerify bool) (*httptest.Server, *pgxpool.Pool, *captureSender) {
  	t.Helper()
  	pool := dbtest.NewTestDB(t)
  	srv := httptest.NewServer(r)
  	t.Cleanup(srv.Close)
 -	return srv, cap
 +	return srv, pool, cap
+ }
  // authTemplatesFS returns a minimal templates FS sufficient for the auth
  	emailsTpl := `{{ define "page" }}<h1>Emails</h1>{{ with .Error }}<p class=error>{{.}}</p>{{ end }}{{ with .Success }}<p class=notice>{{.}}</p>{{ end }}<form action="/settings/emails" method=POST><input name=csrf_token value="{{.CSRFToken}}"></form>EMAILS={{ range .Emails }}{{.ID}}:{{.Email}}:p={{.IsPrimary}}:v={{.Verified}};{{ end }}{{ end }}`
  	notifTpl := `{{ define "page" }}<h1>Notifications</h1>{{ with .Success }}<p class=notice>{{.}}</p>{{ end }}<form action="/settings/notifications" method=POST><input name=csrf_token value="{{.CSRFToken}}">CHANNELS={{ range .Channels }}{{.Key}}:e={{.Enabled}}:r={{.Required}};{{ end }}</form>{{ end }}`
  	sessTpl := `{{ define "page" }}<h1>Sessions</h1>{{ with .Success }}<p class=notice>{{.}}</p>{{ end }}<form action="/settings/sessions/logout-everywhere" method=POST><input name=csrf_token value="{{.CSRFToken}}">UA={{.UserAgent}};</form>{{ end }}`
 +	dangerTpl := `{{ define "page" }}<h1>Delete</h1>{{ with .Error }}<p class=error>{{.}}</p>{{ end }}<form action="/settings/danger" method=POST><input name=csrf_token value="{{.CSRFToken}}">USER={{.Username}};GRACE={{.GraceWindowDays}};</form>{{ end }}`
  	errorPage := `{{ define "page" }}<h1>{{.Status}} {{.StatusText}}</h1><p>{{.Message}}</p>{{ end }}`
  	return fstest.MapFS{
  		"_layout.html":                {Data: []byte(layout)},
  		"settings/emails.html":        {Data: []byte(emailsTpl)},
  		"settings/notifications.html": {Data: []byte(notifTpl)},
  		"settings/sessions.html":      {Data: []byte(sessTpl)},
 +		"settings/danger.html":        {Data: []byte(dangerTpl)},
  		"errors/404.html":             {Data: []byte(errorPage)},
  		"errors/403.html":             {Data: []byte(errorPage)},
  		"errors/429.html":             {Data: []byte(errorPage)},