Merge pull request #51 from maevsi/feat/authenticate/allow-account
feat(authenticate): allow function execution by account role
dargmuesli authored Dec 30, 2023
2 parents a5d3872 + 9322aa8 commit 1496657
Showing 3 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions schema/schema.definition.sql
@@ -3310,6 +3310,7 @@ REVOKE ALL ON FUNCTION maevsi.armor(bytea, text[], text[]) FROM PUBLIC;
--

REVOKE ALL ON FUNCTION maevsi.authenticate(username text, password text) FROM PUBLIC;
GRANT ALL ON FUNCTION maevsi.authenticate(username text, password text) TO maevsi_account;
GRANT ALL ON FUNCTION maevsi.authenticate(username text, password text) TO maevsi_anonymous;


2 changes: 1 addition & 1 deletion src/deploy/function_authenticate.sql
@@ -63,6 +63,6 @@ $$ LANGUAGE PLPGSQL STRICT SECURITY DEFINER;

COMMENT ON FUNCTION maevsi.authenticate(TEXT, TEXT) IS 'Creates a JWT token that will securely identify an account and give it certain permissions.';

GRANT EXECUTE ON FUNCTION maevsi.authenticate(TEXT, TEXT) TO maevsi_anonymous;
GRANT EXECUTE ON FUNCTION maevsi.authenticate(TEXT, TEXT) TO maevsi_account, maevsi_anonymous;

COMMIT;
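Review bot: The widened `GRANT EXECUTE ... TO maevsi_account, maevsi_anonymous` line lets a second role reach a `SECURITY DEFINER` function, and the closing line shown in the hunk header, `$$ LANGUAGE PLPGSQL STRICT SECURITY DEFINER;`, carries no `SET search_path` clause. The definition starts outside the hunk, so a clause placed before the body cannot be ruled out; if there is none, pin it on that line, e.g. `$$ LANGUAGE PLPGSQL STRICT SECURITY DEFINER SET search_path = <schemas the body uses>, pg_temp;`, so that name resolution inside the function does not depend on the caller's session. A short comment above the grant saying why a signed-in account needs to call `authenticate` would also record the intent of the change.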
2 changes: 1 addition & 1 deletion src/verify/function_authenticate.sql
@@ -4,7 +4,7 @@ BEGIN;

DO $$
BEGIN
ASSERT NOT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.authenticate(TEXT, TEXT)', 'EXECUTE'));
ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.authenticate(TEXT, TEXT)', 'EXECUTE'));
ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.authenticate(TEXT, TEXT)', 'EXECUTE'));
END $$;

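Review bot: After this change the `DO` block holds only positive assertions, so the verify script no longer fails if `EXECUTE` on `maevsi.authenticate` is granted more widely than intended. A negative check restores that, for example `ASSERT NOT (SELECT pg_catalog.has_function_privilege('public', 'maevsi.authenticate(TEXT, TEXT)', 'EXECUTE'));`, which tests the PUBLIC pseudo-role. If the project has other roles that must not call the function, each would get the same `ASSERT NOT` line; none are visible in this hunk.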
