Secure Admin Accounts: Remove password for code studio admins #32234
# Remove passwords for code studio admins | ||
|
||
batch_number = 0 | ||
User.where(admin: true).where.not(encrypted_password: nil).find_in_batches(batch_size: 10) do |batch| |
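Review bot: The selection on the `User.where(admin: true).where.not(encrypted_password: nil)` line checks only the admin flag and the presence of a password hash, so nothing confirms that each selected account has another way to sign in before its password is cleared. Suggest a guard, or a dry-run listing, that skips and reports any admin without a linked Google sign-in, so the script cannot lock an admin out.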
Will this query complete in time? Given that you had to use SQL to execute the count query, I would assume the same problem will present itself when you try to run this script.
It also seems unnecessary to batch a query that we expect to run on fewer than 50 rows.
I thought about this and went the route of using a transaction because it was considered a best practice. However, I do agree that it is not necessary in this case and that catching and logging the error will be more effective.
Note that transactions are used for a different concern; specifically, they ensure that you can group queries together such that if any one query fails, all others will be rolled back.
@Hamms You mention concern with how long the query will take. Any ideas on how to tackle this?
If the query is too expensive to fit in the 30 second timeout, it's recommended to write the script in such a way that it can accept a file containing a list of ids to update; you can then run the query against the reporting database to generate that list.
puts "PROCESSING: #{batch_number}..." | ||
ActiveRecord::Base.transaction do | ||
batch.each do |user| | ||
user.update(encrypted_password: nil) |
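Review bot: The only output in this loop is `puts "PROCESSING: #{batch_number}..."`, which records a batch counter but not which accounts were changed. Since the loop removes a credential from privileged accounts, suggest logging each `user.id` once its update succeeds, so there is an audit trail to compare against the expected list of admins.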
recommend we use
user.update(encrypted_password: nil) | |
user.update!(encrypted_password: nil) |
and catch and log errors
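The approach suggested in this thread (read the ids to update from a file, then catch and log failures per id), as an added example that is not part of the PR. `parse_id_list`, `apply_to_ids` and the sample data are hypothetical names, and the block passed to `apply_to_ids` stands in for the real update call.

```ruby
require "logger"
require "stringio"

# Parse an id-list file: one numeric id per line; blank lines and '#' comments
# are skipped. Anything else is rejected and reported with its line number, so
# a malformed export is noticed instead of being silently half-applied.
def parse_id_list(io)
  ids = []
  rejected = []
  io.each_line.with_index(1) do |line, lineno|
    entry = line.sub(/#.*/, "").strip
    next if entry.empty?
    if entry.match?(/\A[1-9]\d*\z/)
      ids << entry.to_i
    else
      rejected << [lineno, entry]
    end
  end
  [ids.uniq, rejected]
end

# Run the caller's block once per id. An exception for one id is logged and
# recorded, and the loop continues with the next id.
def apply_to_ids(ids, logger)
  result = { updated: [], failed: {} }
  ids.each do |id|
    begin
      yield id
      result[:updated] << id
      logger.info("updated user id=#{id}")
    rescue StandardError => e
      result[:failed][id] = e.message
      logger.error("user id=#{id} not updated: #{e.class}: #{e.message}")
    end
  end
  result
end

# Constructed sample input standing in for a reporting-database export.
SAMPLE_EXPORT = "# admin ids\n101\n102\n\n102\nabc\n103 # trailing note\n"
SAMPLE_IDS, SAMPLE_REJECTED = parse_id_list(StringIO.new(SAMPLE_EXPORT))

# Assumption: in the Rails script the block body would be the call suggested
# in the review, User.find(id).update!(encrypted_password: nil). Here a stub
# fails for one id to exercise the error path.
SAMPLE_LOG = StringIO.new
SAMPLE_RESULT = apply_to_ids(SAMPLE_IDS, Logger.new(SAMPLE_LOG)) do |id|
  raise "record not found" if id == 102
end
```

The returned hash gives the operator the ids that were changed and the ids that failed, with the reason for each failure.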
|
||
# Remove passwords for code studio admins | ||
|
||
batch_number = 0 |
we can remove `batch_number` here and in its other usages now 🎉
|
||
ADMIN_IDS.each do |admin_id| | ||
ActiveRecord::Base.transaction do | ||
User.where(id: admin_id).update!(encrypted_password: nil) |
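Review bot: `User.where(id: admin_id)` selects by id alone, so nothing here re-checks that the account is still an admin when the script runs; an id in `ADMIN_IDS` that belongs to a non-admin account would have its password cleared as well. Suggest adding `admin: true` to the lookup, or checking the flag on the loaded record, and reporting any id that is skipped. The `ActiveRecord::Base.transaction` block wraps a single statement per id, so it can be dropped.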
I believe that ActiveRecord `where` returns a Relation. I think we can simplify this logic with `find`
User.where(id: admin_id).update!(encrypted_password: nil) | |
User.find(admin_id).update!(encrypted_password: nil) |
@sureshc I tested your update and it works great! Thanks
Description
Remove password for code studio admins since admins can only sign in via Google authentication.
Links
Testing story
Dry run was performed and script was tested manually.
No. of users that have admin privileges that will be impacted below:
Reviewer Checklist: