From 60a36e2c2e7addf9bdc543ecabf7be5fb86e0a11 Mon Sep 17 00:00:00 2001 From: Joe Bowers Date: Fri, 25 Sep 2015 14:24:51 -0700 Subject: [PATCH 1/3] server,db: flag for disabling user login --- .../0008_users_active_or_inactive.sql | 4 + db/migrations/assets.go | 73 ++++++++++++------- db/user.go | 3 + server/server.go | 4 + server/server_test.go | 68 +++++++++++++++++ user/user.go | 2 + 6 files changed, 129 insertions(+), 25 deletions(-) create mode 100644 db/migrations/0008_users_active_or_inactive.sql diff --git a/db/migrations/0008_users_active_or_inactive.sql b/db/migrations/0008_users_active_or_inactive.sql new file mode 100644 index 00000000..faae6b35 --- /dev/null +++ b/db/migrations/0008_users_active_or_inactive.sql @@ -0,0 +1,4 @@ +-- +migrate Up +ALTER TABLE authd_user ADD COLUMN disabled boolean; + +UPDATE authd_user SET "disabled" = FALSE; diff --git a/db/migrations/assets.go b/db/migrations/assets.go index 590aebfe..e2c76eaa 100644 --- a/db/migrations/assets.go +++ b/db/migrations/assets.go @@ -7,6 +7,7 @@ // db/migrations/0005_refresh_token_create.sql // db/migrations/0006_user_email_unique.sql // db/migrations/0007_session_scope.sql +// db/migrations/0008_users_active_or_inactive.sql // db/migrations/assets.go // DO NOT EDIT! @@ -90,7 +91,7 @@ func dbMigrations0001_initial_migrationSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0001_initial_migration.sql", size: 1388, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0001_initial_migration.sql", size: 1388, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -110,7 +111,7 @@ func dbMigrations0002_dex_adminSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0002_dex_admin.sql", size: 126, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0002_dex_admin.sql", size: 126, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -130,7 +131,7 @@ func dbMigrations0003_user_created_atSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0003_user_created_at.sql", size: 111, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0003_user_created_at.sql", size: 111, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -150,7 +151,7 @@ func dbMigrations0004_session_nonceSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0004_session_nonce.sql", size: 60, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0004_session_nonce.sql", size: 60, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -170,7 +171,7 @@ func dbMigrations0005_refresh_token_createSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0005_refresh_token_create.sql", size: 506, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0005_refresh_token_create.sql", size: 506, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -190,7 +191,7 @@ func dbMigrations0006_user_email_uniqueSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0006_user_email_unique.sql", size: 99, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0006_user_email_unique.sql", size: 99, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -210,12 +211,32 @@ func dbMigrations0007_session_scopeSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/0007_session_scope.sql", size: 60, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/0007_session_scope.sql", size: 60, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _dbMigrationsAssetsGo = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xd4\x99\xdf\x6f\xdb\x46\x12\xc7\x9f\xad\xbf\x82\x35\xd0\x42\x3a\xf8\x64\x92\xe2\x2f\x19\xe8\x4b\xdb\x1c\x90\x87\xa6\xc0\x35\xf7\x74\x3e\x08\x4b\x72\xe9\x12\x95\x25\x47\x94\x7b\x4e\x82\xfc\xef\x37\x9f\x9d\x91\xeb\xc4\x92\x9d\x38\x17\x04\x7d\x60\x2c\x2e\x67\x67\xe7\xf7\xcc\x7e\x73\x7a\x1a\xfd\xb8\x6e\x7d\x74\xe1\x57\x7e\xe3\xb6\xbe\x8d\xea\xd7\xd1\xc5\xfa\xef\x75\xbf\x6a\xdd\xd6\x4d\x47\x42\x30\xac\xaf\x37\x8d\x1f\xce\xf8\xdd\xd6\xa7\x97\xfd\x85\x50\xf6\xeb\xd5\x70\x1a\xc7\x71\xb2\xe8\x57\xfd\xb6\x77\xcb\xc5\xed\xfa\x74\x78\xb5\xdc\x4b\x9b\x2e\x5a\x7f\xb3\x70\xed\x65\x7f\x98\x66\xb6\xb8\x1e\xfc\x66\xd1\x6c\x3c\xd2\x2c\xdc\xf6\x20\x65\xb6\x18\xfc\x30\xc8\xdb\x62\xb5\x5e\x35\xfe\x20\x5d\xbe\xd8\xf8\x6e\xe3\x87\xdf\x16\xdb\xf5\xef\x7e\x65\xac\x0f\x92\x17\x2a\x80\xbf\x74\xfd\x72\x71\xbd\xea\x5f\x5d\x1f\xa6\x2d\x6f\x45\x18\x9a\xf5\xd5\x01\x3a\x37\x0c\x7e\x3b\x4c\x2f\xd6\x7c\xfa\xe9\x97\xe8\xc5\x2f\x2f\xa3\x67\x3f\x3d\x7f\xf9\xcd\x68\x74\xe5\x9a\xdf\xdd\x85\x8f\xfe\xa4\x1e\x8d\xfa\xcb\xab\xf5\x66\x1b\x8d\x47\x47\xc7\xf5\xeb\xad\x1f\x8e\xe5\x47\xb3\xbe\xbc\x12\x0d\x86\xd3\x8b\x37\xfd\x15\x0b\xdd\xe5\x96\x3f\xfd\x9a\x7f\x87\xed\xa6\x5f\x5d\x04\xc2\x75\xf8\x77\xdb\x5f\x7a\xfd\x7c\xda\xaf\xaf\xb7\xfd\x92\x97\x2b\xb7\xfd\xed\xb4\xeb\x97\x9e\x1f\xc7\xa3\xc9\x68\xd4\x5d\xaf\x9a\xc8\x1c\xfd\x4f\xef\xda\x31\x3f\xa2\x7f\xff\x87\x63\x4f\xa2\x95\xbb\xf4\x91\xb2\x9e\x44\xe3\xdd\xaa\xdf\x6c\xd6\x9b\x49\xf4\x76\x74\x74\xf1\x26\xbc\x45\x67\xdf\x47\x48\x35\x7d\xe1\xff\x0b\x13\xbf\x19\x07\xb1\x79\xff\xe1\xba\xeb\xe4\x1d\xb6\x93\xc9\xe8\xa8\xef\xc2\x86\x6f\xbe\x8f\x56\xfd\x12\x16\x47\x1b\xbf\xbd\xde\xac\x78\x3d\x89\x44\xa5\xe9\x33\xb8\x77\xe3\x63\x18\x45\xdf\xbe\x3a\x8b\xbe\xfd\xe3\x58\x25\x09\x67\x09\x8f\x77\xa3\xd1\xd1\x1f\x6e\x13\xd5\xd7\x5d\xa4\xe7\xe8\x21\xa3\xa3\x85\x8a\xf3\x7d\xd4\xaf\xa7\x3f\xae\xaf\x5e\x8f\xbf\x13\x9a\x13\x91\x4d\x76\x35\xcb\x67\x3b\x49\xa7\x3f\x2e\xd7\x83\x1f\x8b\xfa\xff\x27\x79\x60\xa3\xfc\x0f\x30\x12\x42\x95\xdb\x16\x45\xac\xe9\x0f\x88\x3e\x9e\x9c\x40\x31\x92\x6f\xdb\xd7\x57\x3e\x0a\x81\x82\xc9\xaf\x9b\x2d\x5c\x82\x7e\xe6\x0f\x39\x66\xd5\xad\xa3\x68\x3d\x4c\xff\x21\x3e\x7c\x2e\x2f\xb7\xfb\xcc\x85\xbb\xf5\x3b\x1c\xee\xf8\x70\x74\x34\xf4\x6f\x7c\xd4\xaf\xb6\x45\x36\x3a\xba\x24\xe7\x8d\xd7\xcf\xf2\x3b\xac\xbc\x94\xb0\x89\x88\x9d\x29\xbf\x60\x1f\x22\x64\xdc\xf5\x1f\x1e\x31\x89\x5e\x08\xe7\xf1\xc4\x78\x73\x94\x29\xd7\xf5\x53\x0e\x95\xcd\x87\xf7\xfe\x2a\x82\xc8\xde\x20\xca\xfb\x5b\x11\xf1\xc1\xad\xc8\x2a\x5b\xef\x48\xfe\x3e\x03\xf4\x7a\x8c\x01\xca\x09\x8f\x5b\x45\xef\x71\x30\xed\x0f\x33\x79\x3e\xfc\xd4\x6f\x84\x45\xbd\x5e\x2f\xef\xee\x76\xcb\xe1\x11\xcd\x5f\x0f\xaa\xb8\xdf\x74\xae\xf1\x6f\xdf\xdd\xd9\x6d\x91\x40\x70\x2f\xda\xfa\xe7\xdb\x8a\xb0\xbf\xc6\xfe\xfa\x6a\x29\xa1\xae\xb1\x31\x3e\x3e\xbf\x49\xba\xf3\x9b\xaa\x3e\xbf\x89\x2b\x79\x62\x7b\xe6\xe7\x37\x85\x97\x75\x5b\xeb\x84\x66\xde\xc8\x33\x3b\xbf\x69\xa0\x77\xe7\x37\xad\xec\x99\xc9\xb7\x44\x9e\xa6\x38\xbf\xf1\xb2\x5e\xca\xbe\x58\xbe\xcd\x13\xf9\x2e\xb4\x95\xac\x17\xf2\xcc\xe5\x9b\x13\x3a\x57\xca\x7b\x2b\x74\xf2\xbd\x90\xc7\xc9\x53\x67\x42\x2b\xdf\xca\x5c\xdf\x67\x42\x33\x63\x5d\xde\x53\xf8\x8a\x1c\x39\x32\xc8\xbe\x4c\x78\x26\xc2\xbf\x10\x7e\x6d\xa9\x7f\x73\x7e\xcb\xb9\x99\xd0\x25\xc2\xab\x91\xf5\xc6\xab\x4c\xec\xaf\x84\x57\x25\xeb\xb9\xe8\xd2\xca\x7b\x27\x7a\x78\x64\xaa\x75\x3f\xf2\x25\x5e\xed\xd0\xc8\x99\x71\xa9\xe7\x20\x0f\xba\x67\xec\x31\x7d\xa0\x9f\x79\xb5\x47\x2a\xfc\xe6\x9c\x23\xf2\x64\xa9\xfc\x96\x33\xb2\x4e\x75\xad\xe1\x87\xec\xb2\xde\xcd\xd5\xbe\x9d\xd0\x77\xb2\x56\xb7\x26\x27\xfa\x0a\xad\x97\xf3\xe6\xf2\x74\x42\x9b\xc9\x5a\xd1\xa8\x1d\x3c\xb6\x90\xef\x99\xf0\x9f\x21\xa3\xbc\x37\x22\x43\x2e\xbf\x67\x8d\xd2\x35\xc2\xa7\x8b\x55\xff\xb9\xec\x6f\x9d\xda\x1f\xdd\xb1\x23\x32\xa0\xb3\xcb\x55\x76\x37\x53\xbb\xb2\x07\xbb\xc4\x8d\xd9\xc6\xec\x82\x4c\xe5\xce\x5f\x9d\xca\x11\xa3\x7b\xaa\x67\x37\x22\x7b\x33\xd7\xf5\xd2\xe8\xb3\x58\x6d\xd6\xa4\x26\x8f\x7c\xf7\xad\xc6\x0b\xb6\xab\x63\xd5\x31\xae\x35\x6e\x5c\xaa\xbe\xc3\xe7\xe8\xc6\x7a\x5c\x68\x6c\x34\x89\xc6\x09\x72\xa1\x53\x22\x7f\x6b\x7c\x3e\x53\xff\x84\xd8\x60\xaf\x9c\x9b\x63\x37\xa7\x7c\x6a\xe1\x99\xca\xd9\x73\xe4\x27\x6e\xe7\x16\x9f\xb5\x9e\x41\x1c\xe3\xff\x58\xbe\xfb\x4c\x7d\x55\x13\x83\xb9\xea\xdf\xcd\xf4\x3d\x4b\x54\x16\xe8\x90\x21\xc6\xe7\x7c\x2b\x95\x7f\xb0\xbf\xf9\x33\x11\x9a\x5a\xfe\xa6\xb1\xc6\x46\xdd\x29\x3d\xb2\x95\x42\xef\xe5\x3c\x1f\xab\xfd\xb1\x67\xd3\xe8\x1a\x39\x32\x6b\xd5\x27\xe4\x12\xf1\x80\x4c\x9c\x8d\x0d\xab\xc6\xe4\x91\xf5\x2a\xd5\x3c\xc4\x5f\xc8\x0f\x3d\xfc\xb1\x2d\x32\x04\xdb\x77\x9a\x2f\x9d\xd0\x95\x33\xe5\x93\xcd\xd5\x26\xb1\xd9\x0b\x3f\x20\x53\x2e\xdf\xd3\x54\x6d\x87\x5c\xd0\x73\x46\x26\xfc\x92\x5a\xf9\x12\x77\xc4\x2a\x39\x92\x52\x07\x62\xfd\x8e\x1d\xdd\x5c\x73\x0a\xbd\xf3\x46\x73\x07\x9f\x27\x95\xc6\x05\x3e\x2b\xf9\xe6\x54\xdf\x62\xae\xf2\x39\xe2\x51\xd6\xf2\x9d\xef\x67\xca\x8b\x98\x6d\x84\x7f\x5a\xaa\xcd\x89\x4f\x6a\x0f\xf9\xe8\x88\x4b\x6a\x45\xab\xf9\x01\x0d\xb6\xc0\x3f\xc4\x45\xee\x55\x86\xac\xd5\x38\xa7\x46\xa4\xb9\xca\x4b\x5c\x06\xfd\xe7\x7a\x2e\x36\x20\x2e\xc9\x1b\xea\x0d\xf1\x04\x7d\x38\xa7\x50\x9f\x20\x4b\xa8\x83\xb2\xe6\x1b\x8d\x9d\x32\x56\xfe\xd4\x33\x74\x6e\x5b\x95\x89\xdf\xd8\x3c\x2b\xd5\x6e\x9e\x73\x85\x6f\x21\x67\x75\x4e\x6b\x50\x4e\xac\x41\x97\x6a\x8c\xe1\x3b\x7c\x0e\x0f\xd6\x52\xf8\xce\x35\x1f\xa8\x87\xf8\x9b\xbc\xad\xac\x9e\xc2\x1f\x1f\x38\xe8\x0a\xd5\xbb\x6e\xd4\x0e\xd8\x98\x78\xe5\x0c\x7c\x48\x5d\x46\x5f\xe2\xa4\xc3\xbe\x8d\xd6\x49\x6a\x98\x9f\x69\xfc\x97\xd4\xac\x4e\x75\xca\x89\x7f\x7c\x25\xeb\x75\xa5\xfe\xa5\x2e\x84\x5e\x50\x6a\x2d\xaf\x9d\xfa\x9c\xb8\x22\x8e\x76\xbd\x81\xda\xc7\xe3\xbc\xd6\x39\x72\x88\x5a\x4e\x3d\x8a\xf3\x1d\xdd\xf1\x6e\x4a\xfc\xa8\x86\x64\x43\xcd\xbe\x61\x71\x37\xfa\xdc\x19\x36\x65\x4a\xfa\xb8\x3e\x77\x22\x94\xc7\x1f\x7b\xef\x38\x16\xea\xc9\xed\xe8\xf2\x51\xfc\x91\xf8\x6f\x61\xf6\xba\x2b\x71\x18\xbe\x6e\x27\xdc\x4f\xd1\xff\xb1\xc1\xf2\x76\x1e\x0c\x13\x9d\x30\xff\x60\x4c\x78\xcb\x00\x75\x16\x7d\x82\xca\x11\x73\xd3\x59\x94\xcc\xaa\xea\x24\x62\x04\x3a\xbb\x3b\x21\x8d\xb3\x59\x31\x09\xeb\x0c\x36\x67\x3a\xf8\xfc\x6b\xd5\xdf\x8c\x93\x93\x28\x9e\xc8\x04\xeb\x90\xe2\xbb\x60\x82\xb7\x41\xef\xb3\xc8\xd4\x47\xc4\xb3\x28\xfc\x79\x77\xeb\x45\x77\xf2\xd0\xb0\x72\xe7\x92\xf7\xd4\x21\x85\x46\x15\x9a\x43\xae\x8d\x21\x0c\x02\xad\x06\x78\x6a\xcd\x34\x6d\xb4\x40\x42\x03\x3f\x12\x91\x42\x5d\x92\x40\x99\xf2\x25\x21\xe3\x56\x0b\x16\x34\xbc\x97\x99\x36\xe9\xd2\x12\x2f\xab\x8c\xff\x5c\xf9\x73\x4e\x5a\x6b\xf3\x21\xd9\x59\xa3\x79\x52\x58\x48\x74\x8a\x13\x0d\x8a\x06\x5d\xc9\xbe\xd4\x9e\xd0\xb0\xbd\x26\x1a\xc3\x45\x18\x8a\xbc\x36\xb2\xd8\x92\x90\x42\x4c\xc1\xa4\xe9\x30\x8c\x70\x06\x6b\x24\x31\xbc\x29\x60\x99\x35\x7f\x74\xeb\xec\x99\xd9\xbe\xca\x68\x28\xfa\x14\xcd\xbc\xf9\xb3\xb9\x23\x43\x90\x27\xd1\xa4\xde\x9d\x59\x54\x5a\x44\x90\x99\x81\x85\x46\x91\xdb\x10\x46\xf1\x0c\x83\x1b\xf6\x73\x5a\xac\xd1\x8f\x82\x05\x2d\xcd\x9c\x26\x40\x71\xe2\x8c\x38\xbd\x5f\x40\x90\xa9\xb6\xc6\x1b\x0a\xbd\xbf\xe3\xdb\x83\x05\xe4\xfd\x20\xf9\xec\xc2\xf1\x3e\xbb\xfd\x05\xe3\x03\xf0\xe1\xc1\x42\xf1\x3e\xbf\x27\x14\x88\xbd\xfa\x7d\xb1\xc2\x70\x4f\xb5\x5d\x41\x48\x8b\xaf\x5f\x0f\xee\x01\x3a\x7f\x95\xaa\x00\xaf\xd4\x46\x65\xde\x43\xb6\x76\xba\xc6\x35\x25\x35\x1e\xb4\x62\xf6\x87\xbd\x89\xbe\x73\x45\xa0\x85\x73\x5e\x97\xeb\x93\x5b\xc6\x05\x39\xbd\x65\x7a\xae\x99\x97\xd9\xb8\xcb\xd5\x83\x73\xe1\x03\xef\x50\x9d\x9c\x55\x26\x1b\x3f\x53\x1b\x1b\xbc\x5d\x4d\xc8\x74\xf4\x09\x72\xd8\x75\x80\xf1\xb1\x95\x27\x49\x75\x0c\xa2\x02\x90\xf9\xce\x59\xf5\x28\x74\x4c\x67\x6c\x9b\xdb\xf8\x9e\xc4\xf7\xb3\x3b\xb5\xea\xe8\xed\x2a\xc3\xf5\xe3\xf1\xec\xde\xe7\xf2\xcf\xce\xf1\x7d\x4c\xf7\x67\xfa\x5e\x08\xf1\xc1\x7c\xdf\xc7\xfb\x09\x59\xff\x80\xde\x5f\x2c\xf7\x0f\x28\xbb\xab\x00\x49\xf2\xf5\x2b\xc0\x07\x40\xed\x5f\x21\xff\x89\xfb\x5d\x8e\x93\xab\xe1\x2c\xcb\x41\xf2\xf8\x53\x73\x9e\x1c\x6e\x6a\x9b\x28\x6a\xe5\xcd\x39\xc8\x10\xce\x9a\xeb\x15\x81\xdf\xbb\xdc\x0e\xdd\x36\xbb\x9f\x93\x5c\x01\x81\x11\xb8\x2e\x61\x37\xae\x43\x8f\xe7\xe4\x7d\x27\x7c\x76\x46\xde\x67\xb9\x3f\x1f\xf7\x00\xf5\x0f\x66\xe3\x7d\xbe\x4f\xc8\xc5\x83\xfa\x7e\xb1\x4c\xdc\xab\xa6\xe5\x61\x11\x7f\xfd\x34\xdc\xff\xff\x20\x4f\xcd\x46\x2e\xc3\xf3\x58\xa3\x9f\xae\x05\xe8\x71\x0b\x24\x72\x79\xed\x34\x1b\x98\x6f\x01\xff\xc8\x38\xf6\x17\xa9\xd2\xd2\xc5\x98\x93\x99\x4b\x01\x9a\x62\x03\x43\x98\x21\xc3\xdc\x69\x73\x38\x59\x19\x2e\xfb\x06\x70\x39\x03\x1d\x99\x75\x99\x9b\x59\xe3\x72\xcc\xac\xcd\xe5\x9b\x8b\x2c\xc0\x40\x6c\xc0\x1a\xf3\x6f\x90\xc5\xe9\x85\xbf\xab\xf5\x3d\xb5\x4c\x62\x2f\x97\x74\x66\x69\xf6\xd3\x0d\x01\x0b\x00\x31\x00\x52\xb8\xb0\x03\x16\x71\x79\x4e\x0d\x2c\x00\x7c\x09\xdd\x32\xd3\xb9\x3d\x37\x70\x32\x00\x65\x00\x39\x99\x82\x78\x85\x81\x39\xb5\xd9\xc3\x1b\xb0\x0a\xa0\x1a\x1b\x40\x53\x94\xba\x06\x30\x04\xaf\xaa\xb5\x3b\x42\xa3\xa0\x5b\x6e\x15\x00\x70\x00\xc0\x0b\xc0\x04\xb9\x01\x11\xd0\x1d\x20\x36\xd8\xa1\x54\xe0\xb1\xb6\xca\x02\x00\x48\x57\x77\xb5\x76\x7c\x40\x1c\xaa\x27\xa0\x14\xfb\x59\x07\x3c\x05\x64\x00\x2c\x40\xd7\x00\x3e\x65\x0a\x6c\xa1\xf3\xdc\x40\x27\x78\xe3\xc3\xa6\xd2\x29\x82\xc9\xa2\xb0\x89\x03\xdf\x00\x20\xa1\x4b\x00\x53\xb1\x05\x3e\x28\xd5\xd7\xe8\x1d\x6c\x54\x2b\xf8\x1b\x64\x91\xef\x33\x03\xb9\x00\x2e\x00\x4b\x90\x3d\x35\x50\x97\x38\xc2\x56\x00\x63\x54\x5d\x40\x4a\xc0\x53\xe8\x01\xae\x00\x87\x6a\x03\x3b\x91\x8f\x7d\x9c\x99\x9a\x2c\x99\xc5\x67\x00\x5d\x1b\x3d\x97\x29\xae\x33\xe0\x1b\x40\x16\x5a\x26\x1a\xec\x4c\x3c\x31\x49\xd5\x06\x24\xe2\x0f\xc0\x3c\xc0\x16\xe4\x4e\xed\x6e\x83\x5c\x00\x7b\x80\x4b\x8d\xf1\x72\x06\x4c\x05\x70\xac\x52\x10\x89\x18\x63\x1f\x40\x51\x65\x20\x17\xdd\x07\x7d\x00\xba\xd9\x1f\x40\x3c\xa7\xb1\x8a\xaf\xb0\x03\x7b\x2a\xab\xfc\xc4\x58\x00\x8a\x66\x7a\xf7\x44\x26\x57\x19\xf0\xed\x34\x4f\x39\x3b\x31\x79\xb8\x77\x11\x23\xb1\x81\x61\x80\x73\xd8\x26\x80\xec\x06\x1e\x03\x2e\x71\x16\xb2\x38\x03\xf4\x5a\xbb\xeb\x66\x99\xfa\x0e\xbf\x05\x10\xb5\x51\xff\x32\x41\xee\xf4\x09\xf9\xd0\x69\xa7\x0a\x31\xe8\xd4\xee\xe4\x06\x20\x1c\xa0\x16\xf6\x23\xb7\x82\x6d\xbd\xc6\x10\x76\x23\x27\xa0\x05\x44\xed\x0c\x78\xfd\xb0\xb3\x91\xaf\xf8\x3b\xe8\xd9\x6a\xce\x86\x7b\xe7\x83\x9d\xed\x60\x5d\xfb\xec\x06\x77\x90\xf3\xfe\x3e\x77\xf8\x3f\x9a\x1f\x6c\x77\x07\x4f\x79\x42\xd7\x7b\xcc\x16\xf7\x9a\xdf\xff\x02\x00\x00\xff\xff\x3c\x2b\x49\x80\x00\x20\x00\x00") +var _dbMigrations0008_users_active_or_inactiveSql = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xd2\xd5\x55\xd0\xce\xcd\x4c\x2f\x4a\x2c\x49\x55\x08\x2d\xe0\x72\xf4\x09\x71\x0d\x52\x08\x71\x74\xf2\x71\x55\x48\x2c\x2d\xc9\x48\x89\x2f\x2d\x4e\x2d\x52\x70\x74\x71\x51\x70\xf6\xf7\x09\xf5\xf5\x53\x48\xc9\x2c\x4e\x4c\xca\x49\x4d\x51\x48\xca\xcf\xcf\x49\x4d\xcc\xb3\xe6\xe2\x0a\x0d\x70\x71\x0c\x41\x51\x1f\xec\x1a\xa2\xa0\x04\x53\xa9\xa4\x60\xab\xe0\xe6\xe8\x13\xec\x6a\xcd\x05\x08\x00\x00\xff\xff\x06\x75\x98\x47\x6e\x00\x00\x00") + +func dbMigrations0008_users_active_or_inactiveSqlBytes() ([]byte, error) { + return bindataRead( + _dbMigrations0008_users_active_or_inactiveSql, + "db/migrations/0008_users_active_or_inactive.sql", + ) +} + +func dbMigrations0008_users_active_or_inactiveSql() (*asset, error) { + bytes, err := dbMigrations0008_users_active_or_inactiveSqlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "db/migrations/0008_users_active_or_inactive.sql", size: 110, mode: os.FileMode(420), modTime: time.Unix(1, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +var _dbMigrationsAssetsGo = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xd4\x99\xdf\x6f\xdb\x46\x12\xc7\x9f\xad\xbf\x82\x35\xd0\x42\x3a\xf8\x64\x92\x22\x45\xca\x40\x5e\x9a\xe4\x80\x3c\x34\x05\xae\xb9\xa7\xf3\x41\x58\x92\x4b\x97\xa8\x2c\x3a\xa2\x9c\x73\x12\xe4\x7f\xbf\xf9\xec\x8c\x5c\x27\x96\x9c\x5f\x17\x04\x7d\x60\x2c\x2e\x67\xe7\xf7\xcc\xce\x7e\x73\x7a\x1a\x3d\xee\x1b\x1f\x5d\xf8\xb5\xdf\xb8\xad\x6f\xa2\xea\x75\x74\xd1\xff\xbd\xea\xd6\x8d\xdb\xba\xe9\x48\x08\x86\xfe\x7a\x53\xfb\xe1\x8c\xdf\x4d\x75\x7a\xd9\x5d\x08\x65\xd7\xaf\x87\xd3\x38\x8e\x93\x65\xb7\xee\xb6\x9d\x5b\x2d\x6f\xd7\xa7\xc3\xcb\xd5\x5e\xda\x74\xd9\xf8\x9b\xa5\x6b\x2e\xbb\xc3\x34\xb3\xe5\xf5\xe0\x37\xcb\x7a\xe3\xd1\x66\xe9\xb6\x07\x29\xb3\xe5\xe0\x87\x41\xde\x96\xeb\x7e\x5d\xfb\x83\x74\xf9\x72\xe3\xdb\x8d\x1f\x7e\x5f\x6e\xfb\x3f\xfc\xda\x58\x1f\x24\x9f\xab\x02\xfe\xd2\x75\xab\xe5\xf5\xba\x7b\x79\x7d\x98\xb6\xb8\x55\x61\xa8\xfb\xab\xc3\x74\x65\xe0\x39\x2c\x5d\xbd\xed\x5e\xf9\x65\xbf\x11\xa7\xe9\xef\xfd\x5b\xdc\x30\xf8\xed\x30\xbd\xe8\xf9\xf4\xe4\xd7\xe8\xf9\xaf\x2f\xa2\xa7\x4f\x9e\xbd\xf8\x61\x34\xba\x72\xf5\x1f\xee\xc2\x47\x7f\x52\x8f\x46\xdd\xe5\x55\xbf\xd9\x46\xe3\xd1\xd1\x71\xf5\x7a\xeb\x87\x63\xf9\x51\xf7\x97\x57\x62\xf4\x70\x7a\xf1\xa6\xbb\x62\xa1\xbd\xdc\xf2\xa7\xeb\xf9\x77\xd8\x6e\xba\xf5\x45\x20\xec\xc3\xbf\xdb\xee\xd2\xeb\xe7\xd3\xae\xbf\xde\x76\x2b\x5e\xae\xdc\xf6\xf7\xd3\xb6\x5b\x79\x7e\x1c\x8f\x26\xa3\x51\x7b\xbd\xae\x23\xcb\x8d\x7f\x7a\xd7\x8c\xf9\x11\xfd\xfb\x3f\x88\x3d\x89\xd6\xee\xd2\x47\xca\x7a\x12\x8d\x77\xab\x7e\xb3\xe9\x37\x93\xe8\xed\xe8\xe8\xe2\x4d\x78\x8b\xce\x1e\x45\x68\x35\x7d\xee\xff\x0b\x13\xbf\x19\x07\xb5\x79\xff\xf9\xba\x6d\xe5\x1d\xb6\x93\xc9\xe8\xa8\x6b\xc3\x86\x1f\x1e\x45\xeb\x6e\x05\x8b\xa3\x8d\xdf\x5e\x6f\xd6\xbc\x9e\x44\x62\xd2\xf4\x29\xdc\xdb\xf1\x31\x8c\xa2\x1f\x5f\x9e\x45\x3f\xbe\x3a\x56\x4d\x82\x2c\xe1\xf1\x6e\x34\x3a\x7a\xe5\x36\x51\x75\xdd\x46\x2a\x47\x85\x8c\x8e\x96\xaa\xce\xa3\xa8\xeb\xa7\x8f\xfb\xab\xd7\xe3\x9f\x84\xe6\x44\x74\x93\x5d\xf5\xea\xe9\x4e\xd3\xe9\xe3\x55\x3f\xf8\xb1\x98\xff\x7f\xd2\x07\x36\xca\xff\x00\x23\x21\x54\xbd\x6d\x51\xd4\x9a\xfe\x8c\xea\xe3\xc9\x09\x14\x23\xf9\xb6\x7d\x7d\xe5\xa3\x90\x28\xb8\xfc\xba\xde\xc2\x25\xd8\x67\xf1\x10\x31\xeb\xb6\x8f\xa2\x7e\x98\xfe\x43\x62\xf8\x4c\x5e\x6e\xf7\x59\x08\x77\xeb\x77\x38\xdc\x89\xe1\xe8\x68\xe8\xde\xf8\xa8\x5b\x6f\xe7\xd9\xe8\xe8\x92\x36\x61\xbc\x7e\x91\xdf\x61\xe5\x85\xa4\x4d\x44\xee\x4c\xf9\x05\xfb\x90\x21\xe3\xb6\xfb\x50\xc4\x24\x7a\x2e\x9c\xc7\x13\xe3\x8d\x28\x33\xae\xed\xa6\x08\x95\xcd\x87\xf7\xfe\x26\x8a\xc8\xde\xa0\xca\xfb\x5b\x51\xf1\xc1\xad\xe8\x2a\x5b\xef\x68\xfe\x3e\x03\xec\xfa\x18\x03\x8c\x13\x1e\xb7\x86\xde\xe3\x60\xd6\x1f\x66\xf2\x6c\x78\xd2\x6d\x84\x45\xd5\xf7\xab\xbb\xbb\xdd\x6a\xf8\x88\xe5\xaf\x07\x35\xdc\x6f\x5a\x57\xfb\xb7\xef\xee\xec\xb6\x4c\x20\xb9\x97\x4d\xf5\xcb\x6d\x47\xd8\xdf\x96\x7f\x7b\xb9\x92\x54\xd7\xdc\x18\x1f\x9f\xdf\x24\xed\xf9\x4d\x59\x9d\xdf\xc4\xa5\x3c\xb1\x3d\x8b\xf3\x9b\xb9\x97\x75\x5b\x6b\x85\x66\x51\xcb\x33\x3b\xbf\xa9\xa1\x77\xe7\x37\x8d\xec\x99\xc9\xb7\x44\x9e\x7a\x7e\x7e\xe3\x65\xbd\x90\x7d\xb1\x7c\x5b\x24\xf2\x5d\x68\x4b\x59\x9f\xcb\xb3\x90\x6f\x4e\xe8\x5c\x21\xef\x8d\xd0\xc9\xf7\xb9\x3c\x4e\x9e\x2a\x13\x5a\xf9\x56\xe4\xfa\x3e\x13\x9a\x19\xeb\xf2\x9e\xc2\x57\xf4\xc8\xd1\x41\xf6\x65\xc2\x33\x11\xfe\x73\xe1\xd7\x14\xfa\x37\xe7\xb7\xc8\xcd\x84\x2e\x11\x5e\xb5\xac\xd7\x5e\x75\x62\x7f\x29\xbc\x4a\x59\xcf\xc5\x96\x46\xde\x5b\xb1\xc3\xa3\x53\xa5\xfb\xd1\x2f\xf1\xea\x87\x5a\x64\xc6\x85\xca\x41\x1f\x6c\xcf\xd8\x63\xf6\x40\x3f\xf3\xea\x8f\x54\xf8\x2d\x90\x23\xfa\x64\xa9\xfc\x16\x19\x59\xab\xb6\x56\xf0\x43\x77\x59\x6f\x17\xea\xdf\x56\xe8\x5b\x59\xab\x1a\xd3\x13\x7b\x85\xd6\x8b\xbc\x85\x3c\xad\xd0\x66\xb2\x36\xaf\xd5\x0f\x1e\x5f\xc8\xf7\x4c\xf8\xcf\xd0\x51\xde\x6b\xd1\x21\x97\xdf\xb3\x5a\xe9\x6a\xe1\xd3\xc6\x6a\xff\x42\xf6\x37\x4e\xfd\x8f\xed\xf8\x11\x1d\xb0\xd9\xe5\xaa\xbb\x9b\xa9\x5f\xd9\x83\x5f\xe2\xda\x7c\x63\x7e\x41\xa7\x62\x17\xaf\x56\xf5\x88\xb1\x3d\x55\xd9\xb5\xe8\x5e\x2f\x74\xbd\x30\xfa\x2c\x56\x9f\xd5\xa9\xe9\x23\xdf\x7d\xa3\xf9\x82\xef\xaa\x58\x6d\x8c\x2b\xcd\x1b\x97\x6a\xec\x88\x39\xb6\xb1\x1e\xcf\x35\x37\xea\x44\xf3\x04\xbd\xb0\x29\x91\xbf\x15\x31\x9f\x69\x7c\x42\x6e\xb0\x57\xe4\xe6\xf8\xcd\x29\x9f\x4a\x78\xa6\x22\x7b\x81\xfe\xe4\xed\xc2\xf2\xb3\x52\x19\xe4\x31\xf1\x8f\xe5\xbb\xcf\x34\x56\x15\x39\x98\xab\xfd\xed\x4c\xdf\xb3\x44\x75\x81\x0e\x1d\x62\x62\xce\xb7\x42\xf9\x07\xff\x5b\x3c\x13\xa1\xa9\xe4\x6f\x1a\x6b\x6e\x54\xad\xd2\xa3\x5b\x21\xf4\x5e\xe4\xf9\x58\xfd\x8f\x3f\xeb\x5a\xd7\xa8\x91\x59\xa3\x31\xa1\x96\xc8\x07\x74\x42\x36\x3e\x2c\x6b\xd3\x47\xd6\xcb\x54\xeb\x90\x78\xa1\x3f\xf4\xf0\xc7\xb7\xe8\x10\x7c\xdf\x6a\xbd\xb4\x42\x57\xcc\x94\x4f\xb6\x50\x9f\xc4\xe6\x2f\xe2\x80\x4e\xb9\x7c\x4f\x53\xf5\x1d\x7a\x41\x8f\x8c\x4c\xf8\x25\x95\xf2\x25\xef\xc8\x55\x6a\x24\xa5\x0f\xc4\xfa\x1d\x3f\xba\x85\xd6\x14\x76\xe7\xb5\xd6\x0e\x31\x4f\x4a\xcd\x0b\x62\x56\xf0\xcd\xa9\xbd\xf3\x85\xea\xe7\xc8\x47\x59\xcb\x77\xb1\x9f\x29\x2f\x72\xb6\x16\xfe\x69\xa1\x3e\x27\x3f\xe9\x3d\xd4\xa3\x23\x2f\xe9\x15\x8d\xd6\x07\x34\xf8\x82\xf8\x90\x17\xb9\x57\x1d\xb2\x46\xf3\x9c\x1e\x91\xe6\xaa\x2f\x79\x19\xec\x5f\xa8\x5c\x7c\x40\x5e\x52\x37\xf4\x1b\xf2\x09\xfa\x20\x67\xae\x31\x41\x97\xd0\x07\x65\xcd\xd7\x9a\x3b\x45\xac\xfc\xe9\x67\xd8\xdc\x34\xaa\x13\xbf\xf1\x79\x56\xa8\xdf\x3c\x72\x85\xef\x5c\x64\xb5\x4e\x7b\x50\x4e\xae\x41\x97\x6a\x8e\x11\x3b\x62\x0e\x0f\xd6\x52\xf8\x2e\xb4\x1e\xe8\x87\xc4\x9b\xba\x2d\xad\x9f\xc2\x9f\x18\x38\xe8\xe6\x6a\x77\x55\xab\x1f\xf0\x31\xf9\x8a\x0c\x62\x48\x5f\xc6\x5e\xf2\xa4\xc5\xbf\xb5\xf6\x49\x7a\x98\x9f\x69\xfe\x17\xf4\xac\x56\x6d\xca\xc9\x7f\x62\x25\xeb\x55\xa9\xf1\xa5\x2f\x84\xb3\xa0\xd0\x5e\x5e\x39\x8d\x39\x79\x45\x1e\xed\xce\x06\x7a\x1f\x8f\xf3\xda\xe7\xa8\x21\x7a\x39\xfd\x28\xce\x77\x74\xc7\xbb\x29\xf1\x93\x0e\x24\x1b\x6a\xf6\x0d\x8b\xbb\xd1\xe7\xce\xb0\x29\x53\xd2\xa7\x9d\x73\x27\x42\x79\xfc\xa9\x57\x95\x63\xa1\x9e\xdc\x8e\x2e\x9f\xc4\x1f\x8d\xff\x16\x66\xaf\xbb\x1a\x87\xe1\xeb\x76\xc2\xfd\x1c\xfb\x3f\x36\x58\xde\xce\x83\x61\xa2\x13\xe6\x1f\x8c\x09\x6f\x19\xa0\xce\xa2\xcf\x30\x39\x62\x6e\x3a\x8b\x92\x59\x59\x9e\x44\x8c\x40\x67\x77\x27\xa4\x71\x96\xc6\x93\xb0\xce\x60\x73\xa6\x83\xcf\xbf\xd6\xdd\xcd\x38\x39\x89\xe2\x89\x4c\xb0\x0e\x2d\x7e\x0a\x2e\x78\x1b\xec\x3e\x8b\xcc\x7c\x54\x3c\x8b\xc2\x9f\x77\xb7\x51\x74\x27\x0f\x0d\x2b\x77\xee\x85\x5f\x3a\xa4\x70\x50\x85\xc3\x21\xd7\x83\x21\x0c\x02\x8d\x26\x78\x6a\x87\x69\x5a\x6b\x83\x84\x06\x7e\x14\x22\x8d\xba\xa0\x80\x32\xe5\x4b\x41\xc6\x8d\x36\x2c\x68\x78\x2f\x32\x3d\xa4\x0b\x2b\xbc\xac\x34\xfe\x0b\xe5\x8f\x9c\xb4\xd2\xc3\x87\x62\x67\x8d\xc3\x93\xc6\x42\xa1\xd3\x9c\x38\xa0\x38\xa0\x4b\xd9\x97\xda\x13\x0e\x6c\xaf\x85\xc6\x70\x11\x86\x22\xaf\x07\x59\x6c\x45\x48\x23\xa6\x61\x72\xe8\x30\x8c\x20\x83\x35\x8a\x18\xde\x34\xb0\xcc\x0e\x7f\x6c\x6b\xed\x99\xd9\xbe\xd2\x68\x68\xfa\x34\xcd\xbc\xfe\xf3\x70\x47\x87\xa0\x4f\xa2\x45\xbd\x93\x39\x2f\xb5\x89\xa0\x33\x03\x0b\x07\x45\x6e\x43\x18\xcd\x33\x0c\x6e\xf8\xcf\x69\xb3\xc6\x3e\x1a\x16\xb4\x1c\xe6\x1c\x02\x34\x27\x64\xc4\xe9\xfd\x06\x82\x4e\x95\x1d\xbc\xa1\xd1\xfb\x3b\xb1\x3d\xd8\x40\xde\x4f\x92\xaf\x6e\x1c\xef\xb3\xdb\xdf\x30\x3e\xc0\x2b\x1e\x6c\x14\xef\xf3\xfb\x82\x06\xb1\xd7\xbe\x6f\xd6\x18\xee\x99\xb6\x6b\x08\xe9\xfc\xfb\xf7\x83\x7b\x18\xd0\x5f\xa5\x2b\xc0\x2b\xb5\x51\x99\xf7\x50\xad\xad\xae\x71\x4d\x49\x8d\x07\x47\x31\xfb\xc3\xde\x44\xdf\xb9\x22\x70\x84\x23\xaf\xcd\xf5\xc9\xad\xe2\x82\x9e\xde\x2a\x3d\xd7\xca\xcb\x6c\xdc\xe5\xea\x81\x5c\xf8\xc0\x3b\x74\x27\x67\x9d\xc9\xc6\xcf\xd4\xc6\x06\x6f\x57\x13\x2a\x1d\x7b\x82\x1e\x76\x1d\x60\x7c\x6c\xe4\x49\x52\x1d\x83\xe8\x00\x54\xbe\x73\xd6\x3d\xe6\x3a\xa6\x33\xb6\x2d\x6c\x7c\x4f\xe2\xfb\xd5\x9d\x5a\x77\xf4\x76\x95\xe1\xfa\xf1\xf1\xea\xde\x17\xf2\xaf\xae\xf1\x7d\x4c\xf7\x57\xfa\x5e\xd4\xf1\xc1\x7a\xdf\xc7\xfb\x0b\xaa\xfe\x01\xbb\xbf\x59\xed\x1f\x30\x76\xd7\x01\x92\xe4\xfb\x77\x80\x0f\xb0\xdd\xbf\x42\xfd\x93\xf7\xbb\x1a\xa7\x56\x83\x2c\xab\x41\xea\xf8\x73\x6b\x9e\x1a\xae\x2b\x9b\x28\x2a\xe5\x8d\x1c\x74\x08\xb2\x16\x7a\x45\xe0\xf7\xae\xb6\xc3\x69\x9b\xdd\xaf\x49\xae\x80\xc0\x08\x5c\x97\xf0\x1b\xd7\xa1\x8f\xd7\xe4\xfd\x20\x7c\x75\x45\xde\x67\xb9\xbf\x1e\xf7\x60\xfb\x0f\x56\xe3\x7d\xbe\x5f\x50\x8b\x07\xed\xfd\x66\x95\xb8\xd7\x4c\xab\xc3\x79\xfc\xfd\xcb\x70\xff\x7f\x9d\x7c\x69\x35\x72\x19\x5e\xc4\x9a\xfd\x9c\x5a\x80\x1e\xb7\x40\x22\x97\xd7\x56\xab\x81\xf9\x16\xf0\x8f\x8a\x63\xff\x3c\x55\x5a\x4e\x31\xe6\x64\xe6\x52\x80\xa6\xd8\xc0\x10\x66\xc8\x30\x77\xda\x1c\x4e\x55\x86\xcb\xbe\x01\x5c\xce\x40\x47\x66\x5d\xe6\x66\xd6\xb8\x1c\x33\x6b\x73\xf9\xe6\x22\x0b\x30\x10\x1b\xb0\xc6\xfc\x1b\x74\x71\x7a\xe1\x6f\x2b\x7d\x4f\xad\x92\xd8\xcb\x25\x9d\x59\x9a\xfd\x9c\x86\x80\x05\x80\x18\x00\x29\x5c\xd8\x01\x8b\xb8\x3c\xa7\x06\x16\x00\xbe\x84\xd3\x32\xd3\xb9\x3d\x37\x70\x32\x00\x65\x00\x39\x99\x82\x78\x73\x03\x73\x2a\xf3\x87\x37\x60\x15\x40\x35\x36\x80\x66\x5e\xe8\x1a\xc0\x10\xbc\xca\xc6\xee\x08\xb5\x82\x6e\xb9\x75\x00\xc0\x01\x00\x2f\x00\x13\xf4\x06\x44\xc0\x76\x80\xd8\xe0\x87\x42\x81\xc7\xca\x3a\x0b\x00\x20\xa7\xba\xab\xf4\xc4\x07\xc4\xa1\x7b\x02\x4a\xb1\x9f\x75\xc0\x53\x40\x06\xc0\x02\x6c\x0d\xe0\x53\xa6\xc0\x16\x36\x2f\x0c\x74\x82\x37\x31\xac\x4b\x9d\x22\x98\x2c\xe6\x36\x71\x10\x1b\x00\x24\x6c\x09\x60\x2a\xbe\x20\x06\x85\xc6\x1a\xbb\x83\x8f\x2a\x05\x7f\x83\x2e\xf2\x7d\x66\x20\x17\xc0\x05\x60\x09\xba\xa7\x06\xea\x92\x47\xf8\x0a\x60\x8c\xae\x0b\x48\x09\x78\x0a\x3d\xc0\x15\xe0\x50\x65\x60\x27\xfa\xb1\x0f\x99\xa9\xe9\x92\x59\x7e\x06\xd0\xb5\x56\xb9\x4c\x71\xad\x01\xdf\x00\xb2\xd0\x32\xd1\xe0\x67\xf2\x89\x49\xaa\x32\x20\x91\x78\x00\xe6\x01\xb6\xa0\x77\x6a\x77\x1b\xf4\x02\xd8\x03\x5c\xaa\x8d\x97\x33\x60\x2a\x80\x63\xa5\x82\x48\xe4\x18\xfb\x00\x8a\x4a\x03\xb9\x38\x7d\xb0\x07\xa0\x9b\xfd\x01\xc4\x73\x9a\xab\xc4\x0a\x3f\xb0\xa7\xb4\xce\x4f\x8e\x05\xa0\x68\xa6\x77\x4f\x74\x72\xa5\x01\xdf\x4e\xeb\x14\xd9\x89\xe9\xc3\xbd\x8b\x1c\x89\x0d\x0c\x03\x9c\xc3\x37\x01\x64\x37\xf0\x18\x70\x09\x59\xe8\xe2\x0c\xd0\x6b\xec\xae\x9b\x65\x1a\x3b\xe2\x16\x40\xd4\x5a\xe3\xcb\x04\xb9\xb3\x27\xd4\x43\xab\x27\x55\xc8\x41\xa7\x7e\xa7\x36\x00\xe1\x00\xb5\xf0\x1f\xb5\x15\x7c\xeb\x35\x87\xf0\x1b\x35\x01\x2d\x20\x6a\x6b\xc0\xeb\x87\x27\x1b\xf5\x4a\xbc\x83\x9d\x8d\xd6\x6c\xb8\x77\x3e\x78\xb2\x1d\xec\x6b\x5f\x7d\xc0\x1d\xe4\xbc\xff\x9c\x3b\xfc\x7f\xd3\x0f\x1e\x77\x07\xa5\x7c\xf6\xa9\xf7\xbf\x00\x00\x00\xff\xff\x5e\xab\x5f\x3a\x00\x20\x00\x00") func dbMigrationsAssetsGoBytes() ([]byte, error) { return bindataRead( @@ -230,7 +251,7 @@ func dbMigrationsAssetsGo() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "db/migrations/assets.go", size: 20480, mode: os.FileMode(436), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "db/migrations/assets.go", size: 20480, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -287,14 +308,15 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ - "db/migrations/0001_initial_migration.sql": dbMigrations0001_initial_migrationSql, - "db/migrations/0002_dex_admin.sql": dbMigrations0002_dex_adminSql, - "db/migrations/0003_user_created_at.sql": dbMigrations0003_user_created_atSql, - "db/migrations/0004_session_nonce.sql": dbMigrations0004_session_nonceSql, - "db/migrations/0005_refresh_token_create.sql": dbMigrations0005_refresh_token_createSql, - "db/migrations/0006_user_email_unique.sql": dbMigrations0006_user_email_uniqueSql, - "db/migrations/0007_session_scope.sql": dbMigrations0007_session_scopeSql, - "db/migrations/assets.go": dbMigrationsAssetsGo, + "db/migrations/0001_initial_migration.sql": dbMigrations0001_initial_migrationSql, + "db/migrations/0002_dex_admin.sql": dbMigrations0002_dex_adminSql, + "db/migrations/0003_user_created_at.sql": dbMigrations0003_user_created_atSql, + "db/migrations/0004_session_nonce.sql": dbMigrations0004_session_nonceSql, + "db/migrations/0005_refresh_token_create.sql": dbMigrations0005_refresh_token_createSql, + "db/migrations/0006_user_email_unique.sql": dbMigrations0006_user_email_uniqueSql, + "db/migrations/0007_session_scope.sql": dbMigrations0007_session_scopeSql, + "db/migrations/0008_users_active_or_inactive.sql": dbMigrations0008_users_active_or_inactiveSql, + "db/migrations/assets.go": dbMigrationsAssetsGo, } // AssetDir returns the file names below a certain @@ -340,14 +362,15 @@ type bintree struct { var _bintree = &bintree{nil, map[string]*bintree{ "db": &bintree{nil, map[string]*bintree{ "migrations": &bintree{nil, map[string]*bintree{ - "0001_initial_migration.sql": &bintree{dbMigrations0001_initial_migrationSql, map[string]*bintree{}}, - "0002_dex_admin.sql": &bintree{dbMigrations0002_dex_adminSql, map[string]*bintree{}}, - "0003_user_created_at.sql": &bintree{dbMigrations0003_user_created_atSql, map[string]*bintree{}}, - "0004_session_nonce.sql": &bintree{dbMigrations0004_session_nonceSql, map[string]*bintree{}}, - "0005_refresh_token_create.sql": &bintree{dbMigrations0005_refresh_token_createSql, map[string]*bintree{}}, - "0006_user_email_unique.sql": &bintree{dbMigrations0006_user_email_uniqueSql, map[string]*bintree{}}, - "0007_session_scope.sql": &bintree{dbMigrations0007_session_scopeSql, map[string]*bintree{}}, - "assets.go": &bintree{dbMigrationsAssetsGo, map[string]*bintree{}}, + "0001_initial_migration.sql": &bintree{dbMigrations0001_initial_migrationSql, map[string]*bintree{}}, + "0002_dex_admin.sql": &bintree{dbMigrations0002_dex_adminSql, map[string]*bintree{}}, + "0003_user_created_at.sql": &bintree{dbMigrations0003_user_created_atSql, map[string]*bintree{}}, + "0004_session_nonce.sql": &bintree{dbMigrations0004_session_nonceSql, map[string]*bintree{}}, + "0005_refresh_token_create.sql": &bintree{dbMigrations0005_refresh_token_createSql, map[string]*bintree{}}, + "0006_user_email_unique.sql": &bintree{dbMigrations0006_user_email_uniqueSql, map[string]*bintree{}}, + "0007_session_scope.sql": &bintree{dbMigrations0007_session_scopeSql, map[string]*bintree{}}, + "0008_users_active_or_inactive.sql": &bintree{dbMigrations0008_users_active_or_inactiveSql, map[string]*bintree{}}, + "assets.go": &bintree{dbMigrationsAssetsGo, map[string]*bintree{}}, }}, }}, }} diff --git a/db/user.go b/db/user.go index 1857b5c3..5f9c0435 100644 --- a/db/user.go +++ b/db/user.go @@ -417,6 +417,7 @@ type userModel struct { Email string `db:"email"` EmailVerified bool `db:"email_verified"` DisplayName string `db:"display_name"` + Disabled bool `db:"disabled"` Admin bool `db:"admin"` CreatedAt int64 `db:"created_at"` } @@ -428,6 +429,7 @@ func (u *userModel) user() (user.User, error) { Email: u.Email, EmailVerified: u.EmailVerified, Admin: u.Admin, + Disabled: u.Disabled, } if u.CreatedAt != 0 { @@ -444,6 +446,7 @@ func newUserModel(u *user.User) (*userModel, error) { Email: u.Email, EmailVerified: u.EmailVerified, Admin: u.Admin, + Disabled: u.Disabled, } if !u.CreatedAt.IsZero() { diff --git a/server/server.go b/server/server.go index fc56ca12..b8bf9098 100644 --- a/server/server.go +++ b/server/server.go @@ -326,6 +326,10 @@ func (s *Server) Login(ident oidc.Identity, key string) (string, error) { return "", err } + if usr.Disabled { + return "", user.ErrorNotFound + } + ses, err = s.SessionManager.AttachUser(sessionID, usr.ID) if err != nil { return "", err diff --git a/server/server_test.go b/server/server_test.go index c1ca06ce..d6a62c55 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -261,6 +261,74 @@ func TestServerLoginUnrecognizedSessionKey(t *testing.T) { } } +func TestServerLoginDisabledUser(t *testing.T) { + ci := oidc.ClientIdentity{ + Credentials: oidc.ClientCredentials{ + ID: "XXX", + Secret: "secrete", + }, + Metadata: oidc.ClientMetadata{ + RedirectURLs: []url.URL{ + url.URL{ + Scheme: "http", + Host: "client.example.com", + Path: "/callback", + }, + }, + }, + } + ciRepo := client.NewClientIdentityRepo([]oidc.ClientIdentity{ci}) + + km := &StaticKeyManager{ + signer: &StaticSigner{sig: []byte("beer"), err: nil}, + } + + sm := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo()) + sm.GenerateCode = staticGenerateCodeFunc("fakecode") + sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURLs[0], "", false, []string{"openid"}) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + userRepo, err := makeNewUserRepo() + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + err = userRepo.Create(nil, user.User{ + ID: "disabled-1", + Email: "disabled@example.com", + Disabled: true, + }) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + err = userRepo.AddRemoteIdentity(nil, "disabled-1", user.RemoteIdentity{ + ConnectorID: "test_connector_id", + ID: "disabled-connector-id", + }) + + srv := &Server{ + IssuerURL: url.URL{Scheme: "http", Host: "server.example.com"}, + KeyManager: km, + SessionManager: sm, + ClientIdentityRepo: ciRepo, + UserRepo: userRepo, + } + + ident := oidc.Identity{ID: "disabled-connector-id", Name: "elroy", Email: "elroy@example.com"} + key, err := sm.NewSessionKey(sessionID) + if err != nil { + t.Fatalf("Unexpected error: %v", err) + } + + _, err = srv.Login(ident, key) + if err == nil { + t.Errorf("disabled user was allowed to log in") + } +} + func TestServerCodeToken(t *testing.T) { ci := oidc.ClientIdentity{ Credentials: oidc.ClientCredentials{ diff --git a/user/user.go b/user/user.go index 97963c65..c6b48465 100644 --- a/user/user.go +++ b/user/user.go @@ -41,6 +41,8 @@ type User struct { Admin bool + Disabled bool + CreatedAt time.Time } From ffabe03bc0e844663fc9aea9389d04b2e145fc85 Mon Sep 17 00:00:00 2001 From: Joe Bowers Date: Fri, 25 Sep 2015 14:36:33 -0700 Subject: [PATCH 2/3] server: don't allow disabled users to access the api --- integration/user_api_test.go | 52 +++++++++++++++++++++++++++++++++--- server/user.go | 4 +++ user/api/api_test.go | 9 +++++++ 3 files changed, 61 insertions(+), 4 deletions(-) diff --git a/integration/user_api_test.go b/integration/user_api_test.go index 15d32849..6ed8f8da 100644 --- a/integration/user_api_test.go +++ b/integration/user_api_test.go @@ -53,6 +53,14 @@ var ( Email: "Email-3@example.com", }, }, + { + User: user.User{ + ID: "ID-4", + Email: "Email-4@example.com", + Admin: true, + Disabled: true, + }, + }, } userPasswords = []user.PasswordInfo{ @@ -60,6 +68,10 @@ var ( UserID: "ID-1", Password: []byte("hi."), }, + { + UserID: "ID-4", + Password: []byte("hi."), + }, } userBadClientID = "ZZZ" @@ -75,6 +87,9 @@ var ( userBadTokenExpired = makeUserToken(testIssuerURL, "ID-1", testClientID, time.Hour*-1, testPrivKey) + + userBadTokenDisabled = makeUserToken(testIssuerURL, + "ID-4", testClientID, time.Hour*1, testPrivKey) ) func makeUserAPITestFixtures() *userAPITestFixtures { @@ -166,6 +181,11 @@ func TestGetUser(t *testing.T) { }, { id: "ID-1", + token: userBadTokenDisabled, + errCode: http.StatusUnauthorized, // TODO test with custom err before merge + }, { + id: "ID-1", + token: "", errCode: http.StatusUnauthorized, }, { @@ -229,20 +249,28 @@ func TestListUsers(t *testing.T) { wantIDs [][]string }{ { - pages: 3, + pages: 4, maxResults: 1, token: userGoodToken, - wantIDs: [][]string{{"ID-1"}, {"ID-2"}, {"ID-3"}}, + wantIDs: [][]string{{"ID-1"}, {"ID-2"}, {"ID-3"}, {"ID-4"}}, }, { pages: 1, token: userGoodToken, - maxResults: 3, - wantIDs: [][]string{{"ID-1", "ID-2", "ID-3"}}, + maxResults: 4, + wantIDs: [][]string{{"ID-1", "ID-2", "ID-3", "ID-4"}}, + }, + { + pages: 1, + + token: userBadTokenDisabled, + + maxResults: 1, + wantCode: http.StatusUnauthorized, // TODO don't merge until you're sure this is covering what you expect }, { pages: 3, @@ -417,6 +445,22 @@ func TestCreateUser(t *testing.T) { // try every variation like in TestGetUser token: userBadTokenExpired, + wantCode: http.StatusUnauthorized, + }, + { + req: schema.UserCreateRequest{ + User: &schema.User{ + Email: "newuser@example.com", + DisplayName: "New User", + EmailVerified: true, + Admin: false, + CreatedAt: clock.Now().Format(time.RFC3339), + }, + RedirectURL: testRedirectURL.String(), + }, + + token: userBadTokenDisabled, + wantCode: http.StatusUnauthorized, }, } diff --git a/server/user.go b/server/user.go index 64ce05d0..a57ca769 100644 --- a/server/user.go +++ b/server/user.go @@ -200,6 +200,10 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) { return api.Creds{}, err } + if usr.Disabled { + return api.Creds{}, api.ErrorUnauthorized + } + isAdmin, err := s.cir.IsDexAdmin(clientID) if err != nil { log.Errorf("userMgmtServer: GetCreds err: %q", err) diff --git a/user/api/api_test.go b/user/api/api_test.go index a48a220a..439e52c8 100644 --- a/user/api/api_test.go +++ b/user/api/api_test.go @@ -52,6 +52,15 @@ var ( }, } + disabledCreds = Creds{ + User: user.User{ + ID: "ID-1", + Admin: true, + Disabled: true, + }, + ClientID: "XXX", + } + resetPasswordURL = url.URL{ Host: "dex.example.com", Path: "resetPassword", From fbbb3cc2dfc817e086a1f6e0399bce46f73ecf26 Mon Sep 17 00:00:00 2001 From: Joe Bowers Date: Fri, 25 Sep 2015 17:29:59 -0700 Subject: [PATCH 3/3] server: all authorizations fail for disabled users --- integration/user_api_test.go | 2 +- server/user.go | 4 ---- user/api/api.go | 2 +- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/integration/user_api_test.go b/integration/user_api_test.go index 6ed8f8da..6d18c857 100644 --- a/integration/user_api_test.go +++ b/integration/user_api_test.go @@ -182,7 +182,7 @@ func TestGetUser(t *testing.T) { id: "ID-1", token: userBadTokenDisabled, - errCode: http.StatusUnauthorized, // TODO test with custom err before merge + errCode: http.StatusUnauthorized, }, { id: "ID-1", diff --git a/server/user.go b/server/user.go index a57ca769..64ce05d0 100644 --- a/server/user.go +++ b/server/user.go @@ -200,10 +200,6 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) { return api.Creds{}, err } - if usr.Disabled { - return api.Creds{}, api.ErrorUnauthorized - } - isAdmin, err := s.cir.IsDexAdmin(clientID) if err != nil { log.Errorf("userMgmtServer: GetCreds err: %q", err) diff --git a/user/api/api.go b/user/api/api.go index cfc94ae3..2c072811 100644 --- a/user/api/api.go +++ b/user/api/api.go @@ -197,7 +197,7 @@ func (u *UsersAPI) ListUsers(creds Creds, maxResults int, nextPageToken string) } func (u *UsersAPI) Authorize(creds Creds) bool { - return creds.User.Admin + return creds.User.Admin && !creds.User.Disabled } func userToSchemaUser(usr user.User) schema.User {