/ Check-in [974a9c65]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Get the sqlite3_user_delete() interface working.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | user-auth
Files: files | file ages | folders
SHA1:974a9c65583f7ab438d5673dc00c347ab8322855
User & Date: drh 2014-09-11 14:56:45
Context
2014-09-11
15:25
All interfaces working and tested. check-in: 96ea5c0b user: drh tags: user-auth
14:56
Get the sqlite3_user_delete() interface working. check-in: 974a9c65 user: drh tags: user-auth
14:40
Fix the sqlite3_user_change() interface so that it does allow a non-admin user to change their own password. check-in: 52d440c7 user: drh tags: user-auth
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/userauth/userauth.c.

325
326
327
328
329
330
331
332
333
334
335
336
337
338
    return SQLITE_AUTH;
  }
  if( !userTableExists(db, "main") ){
    /* This routine is a no-op if the user to be deleted does not exist */
    return SQLITE_OK;
  }
  pStmt = sqlite3UserAuthPrepare(db,
              "SELECT FROM sqlite_user WHERE uname=%Q", zUsername);
  if( pStmt==0 ) return SQLITE_NOMEM;
  sqlite3_step(pStmt);
  return sqlite3_finalize(pStmt);
}

#endif /* SQLITE_USER_AUTHENTICATION */







|






325
326
327
328
329
330
331
332
333
334
335
336
337
338
    return SQLITE_AUTH;
  }
  if( !userTableExists(db, "main") ){
    /* This routine is a no-op if the user to be deleted does not exist */
    return SQLITE_OK;
  }
  pStmt = sqlite3UserAuthPrepare(db,
              "DELETE FROM sqlite_user WHERE uname=%Q", zUsername);
  if( pStmt==0 ) return SQLITE_NOMEM;
  sqlite3_step(pStmt);
  return sqlite3_finalize(pStmt);
}

#endif /* SQLITE_USER_AUTHENTICATION */

Changes to test/userauth01.test.

106
107
108
109
110
111
112









113
















































































114
115
116
} {SQLITE_OK}
do_test userauth01-1.10 {
  sqlite3_user_authenticate db2 cindy pw-4-cindy
} {SQLITE_AUTH}
do_test userauth01-1.11 {
  sqlite3_user_authenticate db2 cindy xyzzy-cindy
} {SQLITE_OK}




























































































finish_test







>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
} {SQLITE_OK}
do_test userauth01-1.10 {
  sqlite3_user_authenticate db2 cindy pw-4-cindy
} {SQLITE_AUTH}
do_test userauth01-1.11 {
  sqlite3_user_authenticate db2 cindy xyzzy-cindy
} {SQLITE_OK}
do_test userauth01-1.12 {
  sqlite3_user_change db alice xyzzy-alice 1
} {SQLITE_OK}
do_test userauth01-1.13 {
  sqlite3_user_authenticate db alice pw-4-alice
} {SQLITE_AUTH}
do_test userauth01-1.14 {
  sqlite3_user_authenticate db alice xyzzy-alice
} {SQLITE_OK}

# No user may change their own admin privilege setting.
#
do_test userauth01-1.15 {
  sqlite3_user_change db alice xyzzy-alice 0
} {SQLITE_AUTH}
do_test userauth01-1.16 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 bob 0 cindy 0 david 0}
do_test userauth01-1.17 {
  sqlite3_user_change db2 cindy xyzzy-cindy 1
} {SQLITE_AUTH}
do_test userauth01-1.18 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 bob 0 cindy 0 david 0}

# The sqlite3_user_change() interface can be used to change a users
# login credentials or admin privilege.
#
do_test userauth01-1.20 {
  sqlite3_user_change db david xyzzy-david 1
} {SQLITE_OK}
do_test userauth01-1.21 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 bob 0 cindy 0 david 1}
do_test userauth01-1.22 {
  sqlite3_user_authenticate db2 david xyzzy-david
} {SQLITE_OK}
do_test userauth01-1.23 {
  db2 eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 bob 0 cindy 0 david 1}
do_test userauth01-1.24 {
  sqlite3_user_change db david pw-4-david 0
} {SQLITE_OK}
do_test userauth01-1.25 {
  sqlite3_user_authenticate db2 david pw-4-david
} {SQLITE_OK}
do_test userauth01-1.26 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 bob 0 cindy 0 david 0}
do_test userauth01-1.27 {
  catchsql {SELECT uname, isadmin FROM sqlite_user ORDER BY uname} db2
} {1 {no such table: sqlite_user}}

# Only an admin user can change another users login
# credentials or admin privilege setting.
#
do_test userauth01-1.30 {
  sqlite3_user_change db2 bob xyzzy-bob 1
} {SQLITE_AUTH}
do_test userauth01-1.31 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 bob 0 cindy 0 david 0}

# The sqlite3_user_delete() interface can be used (by an admin user only)
# to delete a user.
#
do_test userauth01-1.40 {
  sqlite3_user_delete db bob
} {SQLITE_OK}
do_test userauth01-1.41 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 cindy 0 david 0}
do_test userauth01-1.42 {
  sqlite3_user_delete db2 cindy
} {SQLITE_AUTH}
do_test userauth01-1.43 {
  sqlite3_user_delete db2 alice
} {SQLITE_AUTH}
do_test userauth01-1.44 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 cindy 0 david 0}

# The currently logged-in user cannot be deleted
#
do_test userauth01-1.50 {
  sqlite3_user_delete db alice
} {SQLITE_AUTH}
do_test userauth01-1.51 {
  db eval {SELECT uname, isadmin FROM sqlite_user ORDER BY uname}
} {alice 1 cindy 0 david 0}


finish_test