From e2b421c88479857831e938acb311aef5127f38b4 Mon Sep 17 00:00:00 2001 From: Ellie Huxtable Date: Tue, 27 Jan 2026 13:56:18 -0800 Subject: feat: remove user verification functionality (#3108) ## Checks - [ ] I am happy for maintainers to push small adjustments to this PR, to speed up the review cycle - [ ] I have checked that there are no existing pull requests for the same thing --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- .../20260127000000_remove-email-verification.sql | 2 + crates/atuin-server-postgres/src/lib.rs | 105 ++------------------- crates/atuin-server-postgres/src/wrappers.rs | 1 - 3 files changed, 10 insertions(+), 98 deletions(-) create mode 100644 crates/atuin-server-postgres/migrations/20260127000000_remove-email-verification.sql (limited to 'crates/atuin-server-postgres') diff --git a/crates/atuin-server-postgres/migrations/20260127000000_remove-email-verification.sql b/crates/atuin-server-postgres/migrations/20260127000000_remove-email-verification.sql new file mode 100644 index 00000000..15309920 --- /dev/null +++ b/crates/atuin-server-postgres/migrations/20260127000000_remove-email-verification.sql @@ -0,0 +1,2 @@ +drop table if exists user_verification_token; +alter table users drop column if exists verified_at; diff --git a/crates/atuin-server-postgres/src/lib.rs b/crates/atuin-server-postgres/src/lib.rs index 54ba2ee8..ce101d8d 100644 --- a/crates/atuin-server-postgres/src/lib.rs +++ b/crates/atuin-server-postgres/src/lib.rs @@ -5,7 +5,6 @@ use rand::Rng; use async_trait::async_trait; use atuin_common::record::{EncryptedData, HostId, Record, RecordIdx, RecordStatus}; -use atuin_common::utils::crypto_random_string; use atuin_server_database::models::{History, NewHistory, NewSession, NewUser, Session, User}; use atuin_server_database::{Database, DbError, DbResult, DbSettings}; use futures_util::TryStreamExt; @@ -13,7 +12,7 @@ use sqlx::Row; use sqlx::postgres::PgPoolOptions; use time::{OffsetDateTime, PrimitiveDateTime, UtcOffset}; -use tracing::{instrument, trace}; +use tracing::instrument; use uuid::Uuid; use wrappers::{DbHistory, DbRecord, DbSession, DbUser}; @@ -121,100 +120,18 @@ impl Database for Postgres { #[instrument(skip_all)] async fn get_user(&self, username: &str) -> DbResult { - sqlx::query_as( - "select id, username, email, password, verified_at from users where username = $1", - ) - .bind(username) - .fetch_one(self.read_pool()) - .await - .map_err(fix_error) - .map(|DbUser(user)| user) - } - - #[instrument(skip_all)] - async fn user_verified(&self, id: i64) -> DbResult { - let res: (bool,) = - sqlx::query_as("select verified_at is not null from users where id = $1") - .bind(id) - .fetch_one(self.read_pool()) - .await - .map_err(fix_error)?; - - Ok(res.0) - } - - #[instrument(skip_all)] - async fn verify_user(&self, id: i64) -> DbResult<()> { - sqlx::query( - "update users set verified_at = (current_timestamp at time zone 'utc') where id=$1", - ) - .bind(id) - .execute(&self.pool) - .await - .map_err(fix_error)?; - - Ok(()) - } - - /// Return a valid verification token for the user - /// If the user does not have any token, create one, insert it, and return - /// If the user has a token, but it's invalid, delete it, create a new one, return - /// If the user already has a valid token, return it - #[instrument(skip_all)] - async fn user_verification_token(&self, id: i64) -> DbResult { - const TOKEN_VALID_MINUTES: i64 = 15; - - // First we check if there is a verification token - let token: Option<(String, sqlx::types::time::OffsetDateTime)> = sqlx::query_as( - "select token, valid_until from user_verification_token where user_id = $1", - ) - .bind(id) - .fetch_optional(&self.pool) - .await - .map_err(fix_error)?; - - let token = if let Some((token, valid_until)) = token { - trace!("Token for user {id} valid until {valid_until}"); - - // We have a token, AND it's still valid - if valid_until > time::OffsetDateTime::now_utc() { - token - } else { - // token has expired. generate a new one, return it - let token = crypto_random_string::<24>(); - - sqlx::query("update user_verification_token set token = $2, valid_until = $3 where user_id=$1") - .bind(id) - .bind(&token) - .bind(time::OffsetDateTime::now_utc() + time::Duration::minutes(TOKEN_VALID_MINUTES)) - .execute(&self.pool) - .await - .map_err(fix_error)?; - - token - } - } else { - // No token in the database! Generate one, insert it - let token = crypto_random_string::<24>(); - - sqlx::query("insert into user_verification_token (user_id, token, valid_until) values ($1, $2, $3)") - .bind(id) - .bind(&token) - .bind(time::OffsetDateTime::now_utc() + time::Duration::minutes(TOKEN_VALID_MINUTES)) - .execute(&self.pool) - .await - .map_err(fix_error)?; - - token - }; - - Ok(token) + sqlx::query_as("select id, username, email, password from users where username = $1") + .bind(username) + .fetch_one(self.read_pool()) + .await + .map_err(fix_error) + .map(|DbUser(user)| user) } #[instrument(skip_all)] async fn get_session_user(&self, token: &str) -> DbResult { sqlx::query_as( - "select users.id, users.username, users.email, users.password, users.verified_at from users + "select users.id, users.username, users.email, users.password from users inner join sessions on users.id = sessions.user_id and sessions.token = $1", @@ -431,12 +348,6 @@ impl Database for Postgres { .await .map_err(fix_error)?; - sqlx::query("delete from user_verification_token where user_id = $1") - .bind(u.id) - .execute(&self.pool) - .await - .map_err(fix_error)?; - sqlx::query("delete from total_history_count_user where user_id = $1") .bind(u.id) .execute(&self.pool) diff --git a/crates/atuin-server-postgres/src/wrappers.rs b/crates/atuin-server-postgres/src/wrappers.rs index 0d6a0ee6..cde4134c 100644 --- a/crates/atuin-server-postgres/src/wrappers.rs +++ b/crates/atuin-server-postgres/src/wrappers.rs @@ -16,7 +16,6 @@ impl<'a> FromRow<'a, PgRow> for DbUser { username: row.try_get("username")?, email: row.try_get("email")?, password: row.try_get("password")?, - verified: row.try_get("verified_at")?, })) } } -- cgit v1.3.1