From 8f95e7a17a21cdbdf5052949f31703042523106c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominic=20Le=CC=81tourneau?= <doumdi@gmail.com>
Date: Thu, 5 Sep 2024 15:58:04 -0400
Subject: [PATCH] Refs #253, Added 2fa columns to t_users

---
 .../60f5b2ed8b5a_assets_table_rework.py       |  2 +-
 .../65a42f6ee567_soft_delete_upgrade.py       |  2 +-
 .../versions/89343f5c95b9_allow_2fa_login.py  | 50 +++++++++++++++++++
 teraserver/python/alembic/versions/README.md  | 10 ++++
 4 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 teraserver/python/alembic/versions/89343f5c95b9_allow_2fa_login.py

diff --git a/teraserver/python/alembic/versions/60f5b2ed8b5a_assets_table_rework.py b/teraserver/python/alembic/versions/60f5b2ed8b5a_assets_table_rework.py
index ba6c28442..1adc5c9f7 100644
--- a/teraserver/python/alembic/versions/60f5b2ed8b5a_assets_table_rework.py
+++ b/teraserver/python/alembic/versions/60f5b2ed8b5a_assets_table_rework.py
@@ -18,7 +18,7 @@
 
 def upgrade():
     # Change t_assets column asset_type to string - integers values should be converted directly in Postgresql
-    op.alter_column(table_name='t_assets', column_name='asset_type', type_=sa.String)
+    op.alter_column(table_name='t_assets', column_name='asset_type', type=sa.String)
 
     # Change all current values to "application/octet-stream" since that is what we have right now
     op.execute("UPDATE t_assets SET asset_type=\'application/octet-stream\'")
diff --git a/teraserver/python/alembic/versions/65a42f6ee567_soft_delete_upgrade.py b/teraserver/python/alembic/versions/65a42f6ee567_soft_delete_upgrade.py
index 0caf54f55..0656d22a6 100644
--- a/teraserver/python/alembic/versions/65a42f6ee567_soft_delete_upgrade.py
+++ b/teraserver/python/alembic/versions/65a42f6ee567_soft_delete_upgrade.py
@@ -18,7 +18,7 @@
 
 def upgrade():
     # Remove site_name unique constraint on t_sites
-    op.drop_constraint(constraint_name='t_sites_site_name_key', table_name='t_sites', type_='unique')
+    op.drop_constraint(constraint_name='t_sites_site_name_key', table_name='t_sites', type='unique')
 
     # TeraSessionParticipants.id_session add ondelete='cascade'
     op.drop_constraint(constraint_name='t_sessions_participants_id_session_fkey', table_name='t_sessions_participants',
diff --git a/teraserver/python/alembic/versions/89343f5c95b9_allow_2fa_login.py b/teraserver/python/alembic/versions/89343f5c95b9_allow_2fa_login.py
new file mode 100644
index 000000000..a113bed6f
--- /dev/null
+++ b/teraserver/python/alembic/versions/89343f5c95b9_allow_2fa_login.py
@@ -0,0 +1,50 @@
+"""allow 2fa login
+
+Revision ID: 89343f5c95b9
+Revises: 09764faa2d57
+Create Date: 2024-09-05 14:49:04.781595
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '89343f5c95b9'
+down_revision = '09764faa2d57'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Add 2fa_enabled column to t_users table
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_enabled',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+    # Add 2fa_otp_enabled column to t_users table
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_otp_enabled',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+    # Add 2fa_email_enabled_column to t_users table
+    # Will user user_email as 2fa email
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_email_enabled',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+    # Add 2fa_otp_secret column to t_users table
+    # Secrets will be generated with pytop.random_base32()
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_otp_secret',
+                                                         sa.String(32), nullable=True))
+
+    # Add a force_password_change column to t_users table
+    op.add_column(table_name='t_users', column=sa.Column('user_force_password_change',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+
+def downgrade():
+    # Remove columns
+    op.drop_column('t_users', 'user_2fa_enabled')
+    op.drop_column('t_users', 'user_2fa_otp_enabled')
+    op.drop_column('t_users', 'user_2fa_email_enabled')
+    op.drop_column('t_users', 'user_2fa_otp_secret')
+    op.drop_column('t_users', 'user_force_password_change')
+
diff --git a/teraserver/python/alembic/versions/README.md b/teraserver/python/alembic/versions/README.md
index e7265c312..096fe54be 100644
--- a/teraserver/python/alembic/versions/README.md
+++ b/teraserver/python/alembic/versions/README.md
@@ -6,6 +6,16 @@
 alembic revision -m "create account table"
 ```
 
+## Changes for next version (Sept 5 2024)
+
+### TeraServer
+**Modified t_users table**
+* Add column user_2fa_enabled (Boolean, default=False)
+* Add column user_2fa_otp_enabled (Boolean, default=False)
+* Add column user_2fa_email_enabled (Boolean, default=False)
+* Add column user_2fa_otp_secret (String(32), nullable=True)
+* Add column user_force_password_change (Boolean, default=False)
+
 ## Changes for next version (Feb 6 2023)
 
 ### TeraServer