From 551e418ebc8400923b118b8061df9b38f0af7583 Mon Sep 17 00:00:00 2001 From: Gus Brodman Date: Thu, 15 May 2025 15:07:53 -0400 Subject: [PATCH] Add registrar_id col to password reset requests This is just so that we can add an additional layer of security on verification --- .../sql/er_diagram/brief_er_diagram.html | 6 +- .../sql/er_diagram/full_er_diagram.html | 656 +++++++++--------- db/src/main/resources/sql/flyway.txt | 1 + ...V194__password_reset_request_registrar.sql | 17 + .../resources/sql/schema/nomulus.golden.sql | 3 +- 5 files changed, 355 insertions(+), 328 deletions(-) create mode 100644 db/src/main/resources/sql/flyway/V194__password_reset_request_registrar.sql diff --git a/db/src/main/resources/sql/er_diagram/brief_er_diagram.html b/db/src/main/resources/sql/er_diagram/brief_er_diagram.html index 519144e3fb6..9afdc32450f 100644 --- a/db/src/main/resources/sql/er_diagram/brief_er_diagram.html +++ b/db/src/main/resources/sql/er_diagram/brief_er_diagram.html @@ -261,11 +261,11 @@

System Information

generated on - 2025-04-30 16:04:48 + 2025-05-15 19:22:21 last flyway file - V193__password_reset_request.sql + V194__password_reset_request_registrar.sql @@ -280,7 +280,7 @@

System Information

generated by SchemaCrawler 16.25.2 generated on - 2025-04-30 16:04:48 + 2025-05-15 19:22:21 diff --git a/db/src/main/resources/sql/er_diagram/full_er_diagram.html b/db/src/main/resources/sql/er_diagram/full_er_diagram.html index 3edced83304..0e05a2c0875 100644 --- a/db/src/main/resources/sql/er_diagram/full_er_diagram.html +++ b/db/src/main/resources/sql/er_diagram/full_er_diagram.html @@ -261,26 +261,26 @@ <h2>System Information</h2> </tr> <tr> <td class="property_name">generated on</td> - <td class="property_value">2025-04-30 16:04:45</td> + <td class="property_value">2025-05-15 19:22:16</td> </tr> <tr> <td class="property_name">last flyway file</td> - <td id="lastFlywayFile" class="property_value">V193__password_reset_request.sql</td> + <td id="lastFlywayFile" class="property_value">V194__password_reset_request_registrar.sql</td> </tr> </tbody> </table> <p> </p> <p> </p> - <svg viewBox="0.00 0.00 5683.00 8128.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="erDiagram" style="overflow: hidden; width: 100%; height: 800px"> - <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 8124)"> + <svg viewBox="0.00 0.00 5683.00 8146.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="erDiagram" style="overflow: hidden; width: 100%; height: 800px"> + <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 8142)"> <title> SchemaCrawler_Diagram - + generated by SchemaCrawler 16.25.2 generated on - 2025-04-30 16:04:45 + 2025-05-15 19:22:16 
@@ -3168,113 +3168,116 @@ <h2>System Information</h2> <title> passwordresetrequest_8484e7b1 - - public."PasswordResetRequest" - - [table] - type + + public."PasswordResetRequest" + + [table] + type + + text not null + request_time - text not null - request_time + timestamptz not null + requester - timestamptz not null - requester + text not null + fulfillment_time - text not null - fulfillment_time + timestamptz + destination_email - timestamptz - destination_email + text not null + verification_code text not null - verification_code + registrar_id text not null - + premiumentry_b0060b91 - - public."PremiumEntry" - - [table] - revision_id - - int8 not null - price - - numeric(19, 2) not null - domain_label - - text not null - + + public."PremiumEntry" + + [table] + revision_id + + int8 not null + price + + numeric(19, 2) not null + domain_label + + text not null + premiumlist_7c3ea68b - - public."PremiumList" - - [table] - revision_id - - bigserial not null - - auto-incremented - creation_timestamp - - timestamptz - name - - text not null - bloom_filter - - bytea not null - currency - - text not null - + + public."PremiumList" + + [table] + revision_id + + bigserial not null + + auto-incremented + creation_timestamp + + timestamptz + name + + text not null + bloom_filter + + bytea not null + currency + + text not null + premiumentry_b0060b91:w->premiumlist_7c3ea68b:e - - - - - - - - fko0gw90lpo1tuee56l0nb6y6g5 + + + + + + + + fko0gw90lpo1tuee56l0nb6y6g5 rderevision_83396864 - - public."RdeRevision" - - [table] - tld - - text not null - mode - - text not null - "date" - - date not null - update_timestamp - - timestamptz - revision - - int4 not null - + + public."RdeRevision" + + [table] + tld + + text not null + mode + + text not null + "date" + + date not null + update_timestamp + + timestamptz + revision + + int4 not null + 
@@ -3623,300 +3626,300 @@ <h2>System Information</h2> <title> registrylock_ac88663e - - public."RegistryLock" - - [table] - revision_id - - bigserial not null - - auto-incremented - lock_completion_time - - timestamptz - lock_request_time - - timestamptz not null - domain_name - - text not null - is_superuser - - bool not null - registrar_id - - text not null - registrar_poc_id - - text - repo_id - - text not null - verification_code - - text not null - unlock_request_time - - timestamptz - unlock_completion_time - - timestamptz - last_update_time - - timestamptz not null - relock_revision_id - - int8 - relock_duration - - interval - + + public."RegistryLock" + + [table] + revision_id + + bigserial not null + + auto-incremented + lock_completion_time + + timestamptz + lock_request_time + + timestamptz not null + domain_name + + text not null + is_superuser + + bool not null + registrar_id + + text not null + registrar_poc_id + + text + repo_id + + text not null + verification_code + + text not null + unlock_request_time + + timestamptz + unlock_completion_time + + timestamptz + last_update_time + + timestamptz not null + relock_revision_id + + int8 + relock_duration + + interval + registrylock_ac88663e:w->registrylock_ac88663e:e - - - - - - - - fk2lhcwpxlnqijr96irylrh1707 + + + + + + + + fk2lhcwpxlnqijr96irylrh1707 reservedentry_1a7b8520 - - public."ReservedEntry" - - [table] - revision_id - - int8 not null - comment - - text - reservation_type - - int4 not null - domain_label - - text not null - + + public."ReservedEntry" + + [table] + revision_id + + int8 not null + comment + + text + reservation_type + + int4 not null + domain_label + + text not null + reservedlist_b97c3f1c - - public."ReservedList" - - [table] - revision_id - - bigserial not null - - auto-incremented - creation_timestamp - - timestamptz not null - name - - text not null - + + public."ReservedList" + + [table] + revision_id + + bigserial not null + + auto-incremented + creation_timestamp + + 
timestamptz not null + name + + text not null + reservedentry_1a7b8520:w->reservedlist_b97c3f1c:e - - - - - - - - fkgq03rk0bt1hb915dnyvd3vnfc + + + + + + + + fkgq03rk0bt1hb915dnyvd3vnfc serversecret_6cc90f09 - - public."ServerSecret" - - [table] - secret - - uuid not null - id - - int8 not null - + + public."ServerSecret" + + [table] + secret + + uuid not null + id + + int8 not null + signedmarkrevocationentry_99c39721 - - public."SignedMarkRevocationEntry" - - [table] - revision_id - - int8 not null - revocation_time - - timestamptz not null - smd_id - - text not null - + + public."SignedMarkRevocationEntry" + + [table] + revision_id + + int8 not null + revocation_time + + timestamptz not null + smd_id + + text not null + signedmarkrevocationlist_c5d968fb - - public."SignedMarkRevocationList" - - [table] - revision_id - - bigserial not null - - auto-incremented - creation_time - - timestamptz - + + public."SignedMarkRevocationList" + + [table] + revision_id + + bigserial not null + + auto-incremented + creation_time + + timestamptz + signedmarkrevocationentry_99c39721:w->signedmarkrevocationlist_c5d968fb:e - - - - - - - - fk5ivlhvs3121yx2li5tqh54u4 + + + + + + + + fk5ivlhvs3121yx2li5tqh54u4 spec11threatmatch_a61228a6 - - public."Spec11ThreatMatch" - - [table] - id - - bigserial not null - - auto-incremented - check_date - - date not null - domain_name - - text not null - domain_repo_id - - text not null - registrar_id - - text not null - threat_types - - _text not null - tld - - text not null - + + public."Spec11ThreatMatch" + + [table] + id + + bigserial not null + + auto-incremented + check_date + + date not null + domain_name + + text not null + domain_repo_id + + text not null + registrar_id + + text not null + threat_types + + _text not null + tld + + text not null + tmchcrl_d282355 - - public."TmchCrl" - - [table] - certificate_revocations - - text not null - update_timestamp - - timestamptz not null - url - - text not null - id - - int8 not null - + + 
public."TmchCrl" + + [table] + certificate_revocations + + text not null + update_timestamp + + timestamptz not null + url + + text not null + id + + int8 not null + userupdatehistory_24efd476 - - public."UserUpdateHistory" - - [table] - history_revision_id - - int8 not null - history_modification_time - - timestamptz not null - history_method - - text not null - history_request_body - - text - history_type - - text not null - history_url - - text not null - email_address - - text not null - registry_lock_password_hash - - text - registry_lock_password_salt - - text - global_role - - text not null - is_admin - - bool not null - registrar_roles - - hstore - update_timestamp - - timestamptz - history_acting_user - - text not null - registry_lock_email_address - - text - + + public."UserUpdateHistory" + + [table] + history_revision_id + + int8 not null + history_modification_time + + timestamptz not null + history_method + + text not null + history_request_body + + text + history_type + + text not null + history_url + + text not null + email_address + + text not null + registry_lock_password_hash + + text + registry_lock_password_salt + + text + global_role + + text not null + is_admin + + bool not null + registrar_roles + + hstore + update_timestamp + + timestamptz + history_acting_user + + text not null + registry_lock_email_address + + text + @@ -9933,6 +9936,11 @@

Tables

 verification_code text not null + + + registrar_id + text not null + +
diff --git a/db/src/main/resources/sql/flyway.txt b/db/src/main/resources/sql/flyway.txt
index 92c8eb0c702..6904f7abb3d 100644
--- a/db/src/main/resources/sql/flyway.txt
+++ b/db/src/main/resources/sql/flyway.txt
@@ -191,3 +191,4 @@ V190__remove_fk_registrarupdatehistory.sql
 V191__remove_fk_registrarpocupdatehistory.sql
 V192__add_last_poc_verification_date.sql
 V193__password_reset_request.sql
+V194__password_reset_request_registrar.sql
diff --git a/db/src/main/resources/sql/flyway/V194__password_reset_request_registrar.sql b/db/src/main/resources/sql/flyway/V194__password_reset_request_registrar.sql
new file mode 100644
index 00000000000..a2a8f240bc8
--- /dev/null
+++ b/db/src/main/resources/sql/flyway/V194__password_reset_request_registrar.sql
@@ -0,0 +1,17 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+ALTER TABLE "PasswordResetRequest" ADD COLUMN registrar_id text;
+UPDATE "PasswordResetRequest" SET registrar_id = '' WHERE registrar_id IS NULL;
+ALTER TABLE "PasswordResetRequest" ALTER COLUMN registrar_id SET NOT NULL;
diff --git a/db/src/main/resources/sql/schema/nomulus.golden.sql b/db/src/main/resources/sql/schema/nomulus.golden.sql
index f8962b232c5..809413e1519 100644
--- a/db/src/main/resources/sql/schema/nomulus.golden.sql
+++ b/db/src/main/resources/sql/schema/nomulus.golden.sql
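Review bot: The backfill in V194__password_reset_request_registrar.sql (`UPDATE "PasswordResetRequest" SET registrar_id = '' WHERE registrar_id IS NULL;`) leaves every pre-existing request, including any that is still unfulfilled, with an empty registrar_id, and the `SET NOT NULL` that follows does not stop later rows from carrying `''` either. The verification code that reads this column is not part of the patch, so it should be confirmed that a row with an empty registrar_id can never satisfy the new registrar check, rather than matching a blank or absent value supplied by the caller. I would record the sentinel in the migration itself, for example `-- '' marks requests created before V194; verification must treat them as non-matching`. Once those legacy rows have aged out, a follow-up `CHECK (registrar_id <> '')` would make the constraint enforce what the column is meant to guarantee.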
@@ -852,7 +852,8 @@ CREATE TABLE public."PasswordResetRequest" (
 requester text NOT NULL,
 fulfillment_time timestamp with time zone,
 destination_email text NOT NULL,
- verification_code text NOT NULL
+ verification_code text NOT NULL,
+ registrar_id text NOT NULL
 );