Update user credential stored procs

2026-02-16 10:42:08 +00:00 · 2026-01-24 19:11:49 -05:00
parent 82db763951
commit 14cb05e992
4 changed files with 40 additions and 16 deletions
--- a/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_AddUserCredential.sql
+++ b/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_AddUserCredential.sql
@@ -1,4 +1,4 @@
-CREATE OR ALTER PROCEDURE dbo.USP_AddUpdateUserCredential(
+CREATE OR ALTER PROCEDURE dbo.USP_RotateUserCredential(
    @UserAccountId UNIQUEIDENTIFIER,
    @Hash NVARCHAR(MAX)
 )
@@ -9,25 +9,22 @@ BEGIN

    BEGIN TRANSACTION;

-    IF NOT EXISTS (
-        SELECT 1 
-        FROM dbo.UserAccount 
-        WHERE UserAccountID = @UserAccountId
-    )
-        THROW 50001, 'UserAccountID does not exist.', 1;
-    
+    IF NOT EXISTS (SELECT 1
+                   FROM dbo.UserAccount
+                   WHERE UserAccountID = @UserAccountId)
+        BEGIN
+            ROLLBACK TRANSACTION;
+        END

-    -- invalidate old credentials
-    UPDATE dbo.UserCredential 
+    -- invalidate all other credentials -- set them to revoked
+    UPDATE dbo.UserCredential
    SET IsRevoked = 1,
        RevokedAt = GETDATE()
-    WHERE UserAccountId = @UserAccountId
-      AND IsRevoked = 0;
-      
+    WHERE UserAccountId = @UserAccountId;
+
    INSERT INTO dbo.UserCredential
        (UserAccountId, Hash)
-    VALUES 
-        (@UserAccountId, @Hash);
+    VALUES (@UserAccountId, @Hash);

    COMMIT TRANSACTION;
 END;
--- a/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_GetUserCredentialByUserAccountId.sql
+++ b/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_GetUserCredentialByUserAccountId.sql
@@ -1,4 +1,4 @@
-CREATE OR ALTER PROCEDURE dbo.USP_GetUserCredentialByUserAccountId(
+CREATE OR ALTER PROCEDURE dbo.USP_GetActiveUserCredentialByUserAccountId(
    @UserAccountId UNIQUEIDENTIFIER
 )
 AS
--- a/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_InvalidateUserCredential.sql
+++ b/Database/Database.Core/scripts/03-crud/02-UserCredential/USP_InvalidateUserCredential.sql
@@ -0,0 +1,25 @@
+CREATE OR ALTER PROCEDURE dbo.USP_InvalidateUserCredential(
+    @UserAccountId UNIQUEIDENTIFIER
+)
+AS
+BEGIN
+    SET NOCOUNT ON;
+    SET XACT_ABORT ON;
+
+    BEGIN TRANSACTION;
+
+    IF NOT EXISTS (SELECT 1
+                   FROM dbo.UserAccount
+                   WHERE UserAccountID = @UserAccountId)
+        ROLLBACK TRANSACTION 
+    
+
+    -- invalidate all other credentials by setting them to revoked
+    UPDATE dbo.UserCredential
+    SET IsRevoked = 1,
+        RevokedAt = GETDATE()
+    WHERE UserAccountId = @UserAccountId AND IsRevoked != 1;
+    
+
+    COMMIT TRANSACTION;
+END;
--- a/Repository/Repository.Core/Entities/UserAccount.cs
+++ b/Repository/Repository.Core/Entities/UserAccount.cs
@@ -12,3 +12,5 @@ public class UserAccount
    public DateTime DateOfBirth { get; set; }
    public byte[]? Timer { get; set; }
 }
+
+