Mercurial > gemma
comparison schema/manage_users.sql @ 478:3af7ca761f6a
Purge password reset role
The risk of SQL-injections and thus privilege escalation
via the metamorphic user was estimated not high enough to
justify the extra role. Thus, bring database back in line
with rev. ffdb507d5b42 and re-enable password reset.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Thu, 23 Aug 2018 16:41:44 +0200 |
| parents | ff9dbe14f033 |
| children | 6590208e3ee1 |
comparison
equal
deleted
inserted
replaced
| 477:00b52d653039 | 478:3af7ca761f6a |
|---|---|
| 39 WHERE p.username = current_user | 39 WHERE p.username = current_user |
| 40 OR pg_has_role('waterway_admin', 'MEMBER') | 40 OR pg_has_role('waterway_admin', 'MEMBER') |
| 41 AND p.country = ( | 41 AND p.country = ( |
| 42 SELECT country FROM internal.user_profiles | 42 SELECT country FROM internal.user_profiles |
| 43 WHERE username = current_user) | 43 WHERE username = current_user) |
| 44 OR pg_has_role('pw_reset', 'MEMBER') | |
| 45 OR pg_has_role('sys_admin', 'MEMBER'); | 44 OR pg_has_role('sys_admin', 'MEMBER'); |
| 46 | 45 |
| 47 | 46 |
| 48 CREATE OR REPLACE FUNCTION users.current_user_country() | 47 CREATE OR REPLACE FUNCTION users.current_user_country() |
| 49 RETURNS internal.user_profiles.country%TYPE | 48 RETURNS internal.user_profiles.country%TYPE |
| 99 CREATE TRIGGER update_metamorph INSTEAD OF INSERT ON users.list_users | 98 CREATE TRIGGER update_metamorph INSTEAD OF INSERT ON users.list_users |
| 100 FOR EACH ROW | 99 FOR EACH ROW |
| 101 EXECUTE PROCEDURE internal.update_metamorph(); | 100 EXECUTE PROCEDURE internal.update_metamorph(); |
| 102 | 101 |
| 103 | 102 |
| 104 -- Prevent roles other than sys_admin and pw_reset to update any user but | 103 -- Prevent roles other than sys_admin to update any user but |
| 105 -- themselves (affects waterway_admin) | 104 -- themselves (affects waterway_admin) |
| 106 CREATE OR REPLACE FUNCTION internal.authorize_update_user() RETURNS trigger | 105 CREATE OR REPLACE FUNCTION internal.authorize_update_user() RETURNS trigger |
| 107 AS $$ | 106 AS $$ |
| 108 BEGIN | 107 BEGIN |
| 109 IF OLD.username <> current_user | 108 IF OLD.username <> current_user |
| 110 AND NOT (pg_has_role('sys_admin', 'MEMBER') | 109 AND NOT pg_has_role('sys_admin', 'MEMBER') |
| 111 OR pg_has_role('pw_reset', 'MEMBER')) | |
| 112 THEN | 110 THEN |
| 113 RETURN NULL; | 111 RETURN NULL; |
| 114 ELSE | 112 ELSE |
| 115 RETURN NEW; | 113 RETURN NEW; |
| 116 END IF; | 114 END IF; |
| 200 | 198 |
| 201 CREATE TRIGGER delete_user INSTEAD OF DELETE ON users.list_users FOR EACH ROW | 199 CREATE TRIGGER delete_user INSTEAD OF DELETE ON users.list_users FOR EACH ROW |
| 202 EXECUTE PROCEDURE internal.delete_user(); | 200 EXECUTE PROCEDURE internal.delete_user(); |
| 203 | 201 |
| 204 | 202 |
| 205 CREATE OR REPLACE VIEW pw_reset.list_users AS | |
| 206 SELECT username, pw, email_address FROM users.list_users; | |
| 207 | |
| 208 -- To set a role from a hex-encoded user name (which is save from SQL injections). | 203 -- To set a role from a hex-encoded user name (which is save from SQL injections). |
| 209 CREATE OR REPLACE FUNCTION public.setrole(role text) RETURNS void | 204 CREATE OR REPLACE FUNCTION public.setrole(role text) RETURNS void |
| 210 AS $$ | 205 AS $$ |
| 211 BEGIN | 206 BEGIN |
| 212 IF role IS NOT NULL AND role <> '' THEN | 207 IF role IS NOT NULL AND role <> '' THEN |