Update user credential stored procs

2026-02-16 10:42:08 +00:00 · 2026-01-24 19:11:49 -05:00
parent 82db763951
commit 14cb05e992
4 changed files with 40 additions and 16 deletions
--- a/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_AddUserCredential.sql
+++ b/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_AddUserCredential.sql
@@ -1,4 +1,4 @@
-CREATE OR ALTER PROCEDURE dbo.USP_AddUpdateUserCredential(
+CREATE OR ALTER PROCEDURE dbo.USP_RotateUserCredential(
    @UserAccountId UNIQUEIDENTIFIER,
    @Hash NVARCHAR(MAX)
 )
@@ -9,25 +9,22 @@ BEGIN
    BEGIN TRANSACTION;
-    IF NOT EXISTS (
+    IF NOT EXISTS (SELECT 1
-        SELECT 1 
+                   FROM dbo.UserAccount
-        FROM dbo.UserAccount 
+                   WHERE UserAccountID = @UserAccountId)
-        WHERE UserAccountID = @UserAccountId
+        BEGIN
-    )
+            ROLLBACK TRANSACTION;
-        THROW 50001, 'UserAccountID does not exist.', 1;
+        END
-    -- invalidate old credentials
+    -- invalidate all other credentials -- set them to revoked
-    UPDATE dbo.UserCredential 
+    UPDATE dbo.UserCredential
    SET IsRevoked = 1,
        RevokedAt = GETDATE()
-    WHERE UserAccountId = @UserAccountId
+    WHERE UserAccountId = @UserAccountId;
-      AND IsRevoked = 0;
+
    INSERT INTO dbo.UserCredential
        (UserAccountId, Hash)
-    VALUES 
+    VALUES (@UserAccountId, @Hash);
        (@UserAccountId, @Hash);
    COMMIT TRANSACTION;
 END;
--- a/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_GetUserCredentialByUserAccountId.sql
+++ b/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_GetUserCredentialByUserAccountId.sql
@@ -1,4 +1,4 @@
-CREATE OR ALTER PROCEDURE dbo.USP_GetUserCredentialByUserAccountId(
+CREATE OR ALTER PROCEDURE dbo.USP_GetActiveUserCredentialByUserAccountId(
    @UserAccountId UNIQUEIDENTIFIER
 )
 AS
--- a/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_InvalidateUserCredential.sql
+++ b/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_InvalidateUserCredential.sql
@@ -0,0 +1,25 @@
 CREATE OR ALTER PROCEDURE dbo.USP_InvalidateUserCredential(
    @UserAccountId UNIQUEIDENTIFIER
 )
 AS
 BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;
    BEGIN TRANSACTION;
    IF NOT EXISTS (SELECT 1
                   FROM dbo.UserAccount
                   WHERE UserAccountID = @UserAccountId)
        ROLLBACK TRANSACTION 
    -- invalidate all other credentials by setting them to revoked
    UPDATE dbo.UserCredential
    SET IsRevoked = 1,
        RevokedAt = GETDATE()
    WHERE UserAccountId = @UserAccountId AND IsRevoked != 1;
    COMMIT TRANSACTION;
 END;
--- a/Repository/Repository.Core/Entities/UserAccount.cs
+++ b/Repository/Repository.Core/Entities/UserAccount.cs
@@ -12,3 +12,5 @@ public class UserAccount
    public DateTime DateOfBirth { get; set; }
    public byte[]? Timer { get; set; }
 }