about summary refs log tree commit diff
path: root/db
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-12-24 19:12:38 +0100
committerGitHub <noreply@github.com>2018-12-24 19:12:38 +0100
commit5d2fc6de321ac556ded72e5a8fa9fcf47d172e16 (patch)
tree10dea7eebcb32c29c202da5e8bd009d67b4258f7 /db
parentacf9358c5267ef94373dec9c370b83b33ada75a3 (diff)
Add REST API for creating an account (#9572)
* Add REST API for creating an account

The method is available to apps with a token obtained via the client
credentials grant. It creates a user and account records, as well as
an access token for the app that initiated the request. The user is
unconfirmed, and an e-mail is sent as usual.

The method returns the access token, which the app should save for
later. The REST API is not available to users with unconfirmed
accounts, so the app must be smart to wait for the user to click a
link in their e-mail inbox.

The method is rate-limited by IP to 5 requests per 30 minutes.

* Redirect users back to app from confirmation if they were created with an app

* Add tests

* Return 403 on the method if registrations are not open

* Require agreement param to be true in the API when creating an account
Diffstat (limited to 'db')
-rw-r--r--db/migrate/20181219235220_add_created_by_application_id_to_users.rb8
-rw-r--r--db/schema.rb5
2 files changed, 12 insertions, 1 deletions
diff --git a/db/migrate/20181219235220_add_created_by_application_id_to_users.rb b/db/migrate/20181219235220_add_created_by_application_id_to_users.rb
new file mode 100644
index 000000000..17ce900af
--- /dev/null
+++ b/db/migrate/20181219235220_add_created_by_application_id_to_users.rb
@@ -0,0 +1,8 @@
+class AddCreatedByApplicationIdToUsers < ActiveRecord::Migration[5.2]
+  disable_ddl_transaction!
+
+  def change
+    add_reference :users, :created_by_application, foreign_key: { to_table: 'oauth_applications', on_delete: :nullify }, index: false
+    add_index :users, :created_by_application_id, algorithm: :concurrently
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 51a7b5e74..e47960b16 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2018_12_13_185533) do
+ActiveRecord::Schema.define(version: 2018_12_19_235220) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -637,8 +637,10 @@ ActiveRecord::Schema.define(version: 2018_12_13_185533) do
     t.bigint "invite_id"
     t.string "remember_token"
     t.string "chosen_languages", array: true
+    t.bigint "created_by_application_id"
     t.index ["account_id"], name: "index_users_on_account_id"
     t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
+    t.index ["created_by_application_id"], name: "index_users_on_created_by_application_id"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
@@ -730,6 +732,7 @@ ActiveRecord::Schema.define(version: 2018_12_13_185533) do
   add_foreign_key "subscriptions", "accounts", name: "fk_9847d1cbb5", on_delete: :cascade
   add_foreign_key "users", "accounts", name: "fk_50500f500d", on_delete: :cascade
   add_foreign_key "users", "invites", on_delete: :nullify
+  add_foreign_key "users", "oauth_applications", column: "created_by_application_id", on_delete: :nullify
   add_foreign_key "web_push_subscriptions", "oauth_access_tokens", column: "access_token_id", on_delete: :cascade
   add_foreign_key "web_push_subscriptions", "users", on_delete: :cascade
   add_foreign_key "web_settings", "users", name: "fk_11910667b2", on_delete: :cascade