-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sqservices 1028 be add sso SCIM attributes to user profile for team admins unvalidated email #2220
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also good... mostly. :)
feel free to second-guess me if you can make @smatting agree with you!
@@ -200,7 +200,8 @@ data TeamContact = TeamContact | |||
teamContactSAMLIdp :: Maybe Text, | |||
teamContactRole :: Maybe Role, | |||
teamContactScimExternalId :: Maybe Text, | |||
teamContactSso :: Maybe ContactSso | |||
teamContactSso :: Maybe ContactSso, | |||
teamContactEmailUnvalidated :: Maybe Email |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this type only visible to admins? If not, hiding the unvalidated email should be enforced:
data TeamContact f = TeamContact
{ ...
teamContactEmailUnvalidated :: f Email
}
...
userSearch :: ... -> m (TeamContact (Const ()))
...
adminSearch :: ... -> m (TeamContact Id)
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICT this type is only visible to team admins. It already contains potentially confidential data.
see: https://github.com/wireapp/wire-server/blob/develop/services/brig/src/Brig/User/API/Search.hs#L234
Migration 70 "Add email_unvalidated to user table" $ | ||
schema' | ||
[r| ALTER TABLE user ADD ( | ||
email_unvalidated text |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
given that changing this column and changing other columns usually don't coincided (or do they?), wouldn't it be more straight-forward and more readable to have new table?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there is one big advantage when having it in a single table, and that is we only have to query C* once when creating/updating the ES index.
if you insist, I'm also ok with having a new table.
b9b07d9
to
c1bf280
Compare
f95d288
to
c99198d
Compare
c99198d
to
84748ca
Compare
added email_unvalidated field to user table update and delete user email unvalidated
84748ca
to
2e23596
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please bumpt expectedMigrationVersion
to trigger a reindexing?
Also please update oldMapping
in the brig integration tests.
as a team admin
when I search for team contacts in team management
I want to see un-validated emails in the user profiles that are returned by the search
https://wearezeta.atlassian.net/browse/SQSERVICES-1028
Checklist
make git-add-cassandra-schema
to update the cassandra schema documentation.changelog.d
.