From 8a81893bdd0baae20f1d99fd3e935c0d4d839ab8 Mon Sep 17 00:00:00 2001 From: Leif Battermann Date: Fri, 17 Jan 2025 08:54:12 +0000 Subject: [PATCH] removed auth_token from domain registration table --- integration/test/Test/DomainVerification.hs | 2 +- libs/wire-api/src/Wire/API/EnterpriseLogin.hs | 8 ++-- .../Wire/API/Golden/Manual/EnterpriseLogin.hs | 18 +++------ .../testObject_DomainRegistration_1.json | 1 - .../testObject_DomainRegistration_2.json | 1 - .../testObject_DomainRegistration_3.json | 1 - .../testObject_DomainRegistration_4.json | 1 - .../testObject_DomainRegistration_5.json | 1 - .../testObject_DomainRegistration_6.json | 1 - .../src/Wire/DomainRegistrationStore.hs | 4 +- .../Wire/DomainRegistrationStore/Cassandra.hs | 12 +----- .../src/Wire/EnterpriseLoginSubsystem.hs | 5 --- .../EnterpriseLoginSubsystem/Interpreter.hs | 33 +++++------------ services/brig/brig.cabal | 1 - services/brig/src/Brig/API/Public.hs | 18 +-------- services/brig/src/Brig/Schema/Run.hs | 4 +- ...89_DomainRegistrationTable_addAuthToken.hs | 37 ------------------- 17 files changed, 27 insertions(+), 121 deletions(-) delete mode 100644 services/brig/src/Brig/Schema/V89_DomainRegistrationTable_addAuthToken.hs diff --git a/integration/test/Test/DomainVerification.hs b/integration/test/Test/DomainVerification.hs index f65c3b1e726..083167112a4 100644 --- a/integration/test/Test/DomainVerification.hs +++ b/integration/test/Test/DomainVerification.hs @@ -105,7 +105,7 @@ testDomainVerificationWrongAuth = do ) $ \resp -> do resp.status `shouldMatchInt` 403 - resp.json %. "label" `shouldMatch` "invalid-domain-verification-auth-token" + resp.json %. "label" `shouldMatch` "domain-verification-failed" where generateWrongToken :: App String generateWrongToken = do diff --git a/libs/wire-api/src/Wire/API/EnterpriseLogin.hs b/libs/wire-api/src/Wire/API/EnterpriseLogin.hs index e9466760a45..080ad7e15e9 100644 --- a/libs/wire-api/src/Wire/API/EnterpriseLogin.hs +++ b/libs/wire-api/src/Wire/API/EnterpriseLogin.hs @@ -230,8 +230,7 @@ data DomainRegistration = DomainRegistration { domain :: Domain, domainRedirect :: DomainRedirect, teamInvite :: TeamInvite, - dnsVerificationToken :: Maybe DnsVerificationToken, - authToken :: Maybe DomainVerificationAuthToken + dnsVerificationToken :: Maybe DnsVerificationToken } deriving stock (Eq, Show) deriving (ToJSON, FromJSON, OpenApi.ToSchema) via Schema DomainRegistration @@ -244,7 +243,6 @@ instance ToSchema DomainRegistration where <*> (.domainRedirect) .= domainRedirectSchema <*> (.teamInvite) .= teamInviteObjectSchema <*> (.dnsVerificationToken) .= optField "dns_verification_token" (maybeWithDefault Aeson.Null schema) - <*> (.authToken) .= optField "auth_token" (maybeWithDefault Aeson.Null schema) -- | Bearer authentication token for domain verification requests. data DomainVerificationAuthToken @@ -257,7 +255,9 @@ parseDomainVerificationAuthToken txt = do bytes <- B64U.decodeUnpadded (Text.encodeUtf8 txt) (flag, bytes') <- note "Empty authentication token" $ B.uncons bytes case flag of - 0 -> pure (DomainVerificationAuthTokenRandom bytes') + 0 -> do + unless (BS.length bytes' == 32) $ Left "Invalid random auth token length" + pure (DomainVerificationAuthTokenRandom bytes') 1 -> DomainVerificationAuthTokenTeam . Id <$> note diff --git a/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual/EnterpriseLogin.hs b/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual/EnterpriseLogin.hs index c040e2ee17c..b6a416e578d 100644 --- a/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual/EnterpriseLogin.hs +++ b/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual/EnterpriseLogin.hs @@ -32,8 +32,7 @@ testObject_DomainRegistration_1 = { domain = Domain "example.com", domainRedirect = Locked, teamInvite = Allowed, - dnsVerificationToken = Nothing, - authToken = Nothing + dnsVerificationToken = Nothing } testObject_DomainRegistration_2 :: DomainRegistration @@ -42,8 +41,7 @@ testObject_DomainRegistration_2 = { domain = Domain "example.com", domainRedirect = None, teamInvite = NotAllowed, - dnsVerificationToken = Nothing, - authToken = Nothing + dnsVerificationToken = Nothing } testObject_DomainRegistration_3 :: DomainRegistration @@ -52,8 +50,7 @@ testObject_DomainRegistration_3 = { domain = Domain "example.com", domainRedirect = SSO (SAML.IdPId $ fromJust (UUID.fromString "abf7c0b2-f4e6-4588-8fbb-3b4bf2344284")), teamInvite = Team $ Id (fromJust (UUID.fromString "abf7c0b2-f4e6-4588-8fbb-3b4bf2344284")), - dnsVerificationToken = Nothing, - authToken = Nothing + dnsVerificationToken = Nothing } testObject_DomainRegistration_4 :: DomainRegistration @@ -62,8 +59,7 @@ testObject_DomainRegistration_4 = { domain = Domain "example.com", domainRedirect = Backend (HttpsUrl (fromRight' (parseURI strictURIParserOptions "https://example.com/inv14"))), teamInvite = Allowed, - dnsVerificationToken = Nothing, - authToken = Nothing + dnsVerificationToken = Nothing } testObject_DomainRegistration_5 :: DomainRegistration @@ -72,8 +68,7 @@ testObject_DomainRegistration_5 = { domain = Domain "example.com", domainRedirect = NoRegistration, teamInvite = Allowed, - dnsVerificationToken = Nothing, - authToken = Nothing + dnsVerificationToken = Nothing } testObject_DomainRegistration_6 :: DomainRegistration @@ -82,8 +77,7 @@ testObject_DomainRegistration_6 = { domain = Domain "example.com", domainRedirect = PreAuthorized, teamInvite = Allowed, - dnsVerificationToken = Just $ DnsVerificationToken "wire-domain-Ym9vCg::example.com", - authToken = Just $ DomainVerificationAuthTokenRandom "Ym9vCg" + dnsVerificationToken = Just $ DnsVerificationToken "wire-domain-Ym9vCg::example.com" } testObject_DomainRegistrationUpdate_1 :: DomainRegistrationUpdate diff --git a/libs/wire-api/test/golden/testObject_DomainRegistration_1.json b/libs/wire-api/test/golden/testObject_DomainRegistration_1.json index c75cb6caea4..f495e59e8a7 100644 --- a/libs/wire-api/test/golden/testObject_DomainRegistration_1.json +++ b/libs/wire-api/test/golden/testObject_DomainRegistration_1.json @@ -1,5 +1,4 @@ { - "auth_token": null, "dns_verification_token": null, "domain": "example.com", "domain_redirect": "locked", diff --git a/libs/wire-api/test/golden/testObject_DomainRegistration_2.json b/libs/wire-api/test/golden/testObject_DomainRegistration_2.json index f851a3dbcc3..d045b902f39 100644 --- a/libs/wire-api/test/golden/testObject_DomainRegistration_2.json +++ b/libs/wire-api/test/golden/testObject_DomainRegistration_2.json @@ -1,5 +1,4 @@ { - "auth_token": null, "dns_verification_token": null, "domain": "example.com", "domain_redirect": "none", diff --git a/libs/wire-api/test/golden/testObject_DomainRegistration_3.json b/libs/wire-api/test/golden/testObject_DomainRegistration_3.json index eea4c80e095..e584ad6cb6f 100644 --- a/libs/wire-api/test/golden/testObject_DomainRegistration_3.json +++ b/libs/wire-api/test/golden/testObject_DomainRegistration_3.json @@ -1,5 +1,4 @@ { - "auth_token": null, "dns_verification_token": null, "domain": "example.com", "domain_redirect": "sso", diff --git a/libs/wire-api/test/golden/testObject_DomainRegistration_4.json b/libs/wire-api/test/golden/testObject_DomainRegistration_4.json index 6a0252b7858..ab9f562c57a 100644 --- a/libs/wire-api/test/golden/testObject_DomainRegistration_4.json +++ b/libs/wire-api/test/golden/testObject_DomainRegistration_4.json @@ -1,5 +1,4 @@ { - "auth_token": null, "backend_url": "https://example.com/inv14", "dns_verification_token": null, "domain": "example.com", diff --git a/libs/wire-api/test/golden/testObject_DomainRegistration_5.json b/libs/wire-api/test/golden/testObject_DomainRegistration_5.json index c5b26ab26be..79951e58026 100644 --- a/libs/wire-api/test/golden/testObject_DomainRegistration_5.json +++ b/libs/wire-api/test/golden/testObject_DomainRegistration_5.json @@ -1,5 +1,4 @@ { - "auth_token": null, "dns_verification_token": null, "domain": "example.com", "domain_redirect": "no-registration", diff --git a/libs/wire-api/test/golden/testObject_DomainRegistration_6.json b/libs/wire-api/test/golden/testObject_DomainRegistration_6.json index d0f806b3ce2..4c3b7580631 100644 --- a/libs/wire-api/test/golden/testObject_DomainRegistration_6.json +++ b/libs/wire-api/test/golden/testObject_DomainRegistration_6.json @@ -1,5 +1,4 @@ { - "auth_token": "Ym9vCg", "dns_verification_token": "wire-domain-Ym9vCg::example.com", "domain": "example.com", "domain_redirect": "pre-authorized", diff --git a/libs/wire-subsystems/src/Wire/DomainRegistrationStore.hs b/libs/wire-subsystems/src/Wire/DomainRegistrationStore.hs index fbdaa616bce..45596a5e3cd 100644 --- a/libs/wire-subsystems/src/Wire/DomainRegistrationStore.hs +++ b/libs/wire-subsystems/src/Wire/DomainRegistrationStore.hs @@ -18,8 +18,7 @@ data StoredDomainRegistration = StoredDomainRegistration idpId :: Maybe SAML.IdPId, backendUrl :: Maybe HttpsUrl, team :: Maybe TeamId, - dnsVerificationToken :: Maybe DnsVerificationToken, - authToken :: Maybe DomainVerificationAuthToken + dnsVerificationToken :: Maybe DnsVerificationToken } deriving (Show, Eq, Ord, Generic) @@ -29,6 +28,5 @@ data DomainRegistrationStore m a where Upsert :: StoredDomainRegistration -> DomainRegistrationStore m () Lookup :: Domain -> DomainRegistrationStore m (Maybe StoredDomainRegistration) Delete :: Domain -> DomainRegistrationStore m () - InsertAuthToken :: Domain -> DomainVerificationAuthToken -> DomainRegistrationStore m () makeSem ''DomainRegistrationStore diff --git a/libs/wire-subsystems/src/Wire/DomainRegistrationStore/Cassandra.hs b/libs/wire-subsystems/src/Wire/DomainRegistrationStore/Cassandra.hs index e09e2824b5e..a5062481bce 100644 --- a/libs/wire-subsystems/src/Wire/DomainRegistrationStore/Cassandra.hs +++ b/libs/wire-subsystems/src/Wire/DomainRegistrationStore/Cassandra.hs @@ -11,7 +11,6 @@ import Database.CQL.Protocol (Record (..), TupleType, asTuple) import Imports hiding (lookup) import Polysemy import SAML2.WebSSO qualified as SAML -import Wire.API.EnterpriseLogin import Wire.DomainRegistrationStore (DomainRegistrationStore (..), StoredDomainRegistration (..)) deriving instance Cql SAML.IdPId @@ -27,7 +26,6 @@ interpretDomainRegistrationStoreToCassandra casClient = Upsert dr -> upsert dr Lookup domain -> lookup domain Delete domain -> delete domain - InsertAuthToken domain authToken -> insertAuthToken domain authToken upsert :: (MonadClient m) => StoredDomainRegistration -> m () upsert dr = retry x5 $ write cqlUpsert (params LocalQuorum (asTuple dr)) @@ -40,17 +38,11 @@ lookup domain = delete :: (MonadClient m) => Domain -> m () delete domain = retry x5 $ write cqlDelete (params LocalQuorum (Identity domain)) -insertAuthToken :: (MonadClient m) => Domain -> DomainVerificationAuthToken -> m () -insertAuthToken domain authToken = retry x5 $ write cqlInsertAuthToken (params LocalQuorum (authToken, domain)) - cqlUpsert :: PrepQuery W (TupleType StoredDomainRegistration) () -cqlUpsert = "INSERT INTO domain_registration (domain, domain_redirect, team_invite, idp_id, backend_url, team, dns_verification_token, auth_token) VALUES (?,?,?,?,?,?,?,?)" +cqlUpsert = "INSERT INTO domain_registration (domain, domain_redirect, team_invite, idp_id, backend_url, team, dns_verification_token) VALUES (?,?,?,?,?,?,?)" cqlSelect :: PrepQuery R (Identity Domain) (TupleType StoredDomainRegistration) -cqlSelect = "SELECT domain, domain_redirect, team_invite, idp_id, backend_url, team, dns_verification_token, auth_token FROM domain_registration WHERE domain = ?" +cqlSelect = "SELECT domain, domain_redirect, team_invite, idp_id, backend_url, team, dns_verification_token FROM domain_registration WHERE domain = ?" cqlDelete :: PrepQuery W (Identity Domain) () cqlDelete = "DELETE FROM domain_registration WHERE domain = ?" - -cqlInsertAuthToken :: PrepQuery W (DomainVerificationAuthToken, Domain) () -cqlInsertAuthToken = "UPDATE domain_registration SET auth_token = ? WHERE domain = ?" diff --git a/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem.hs b/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem.hs index 935fa104b49..989114ef3d9 100644 --- a/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem.hs +++ b/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem.hs @@ -24,12 +24,7 @@ data EnterpriseLoginSubsystem m a where Domain -> DomainVerificationAuthToken -> EnterpriseLoginSubsystem m Bool - CheckAuthToken :: - Domain -> - DomainVerificationAuthToken -> - EnterpriseLoginSubsystem m Bool GenerateAuthToken :: - Domain -> EnterpriseLoginSubsystem m DomainVerificationAuthToken makeSem ''EnterpriseLoginSubsystem diff --git a/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem/Interpreter.hs b/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem/Interpreter.hs index 34c50dd8bd8..04eaf7efdd7 100644 --- a/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem/Interpreter.hs +++ b/libs/wire-subsystems/src/Wire/EnterpriseLoginSubsystem/Interpreter.hs @@ -79,26 +79,14 @@ runEnterpriseLoginSubsystem = interpret $ VerifyDNSRecord domain authToken -> runInputSem (wireServerEnterpriseEndpoint <$> input) $ verifyDNSRecordImpl domain authToken - CheckAuthToken domain authToken -> checkAuthTokenImpl domain authToken - GenerateAuthToken domain -> generateAuthTokenImpl domain - -checkAuthTokenImpl :: (Member DomainRegistrationStore r) => Domain -> DomainVerificationAuthToken -> Sem r Bool -checkAuthTokenImpl domain authToken = do - mDomRep <- lookup domain - pure $ fromMaybe False $ do - domRep <- mDomRep - pure $ domRep.authToken == Just authToken + GenerateAuthToken -> generateAuthTokenImpl generateAuthTokenImpl :: - ( Member Random r, - Member DomainRegistrationStore r + ( Member Random r ) => - Domain -> Sem r DomainVerificationAuthToken -generateAuthTokenImpl domain = do - authToken <- DomainVerificationAuthTokenRandom <$> Wire.Sem.Random.bytes 32 - insertAuthToken domain authToken - pure authToken +generateAuthTokenImpl = + DomainVerificationAuthTokenRandom <$> Wire.Sem.Random.bytes 32 deleteDomainImpl :: ( Member DomainRegistrationStore r, @@ -168,7 +156,7 @@ updateDomainRegistrationImpl domain update = do let new = dr {teamInvite = update.teamInvite, domainRedirect = update.domainRedirect} :: DomainRegistration audit mOld new *> upsert (toStored new) Nothing -> do - let new = DomainRegistration domain update.domainRedirect update.teamInvite Nothing Nothing + let new = DomainRegistration domain update.domainRedirect update.teamInvite Nothing audit mOld new *> upsert (toStored new) where audit :: Maybe DomainRegistration -> DomainRegistration -> Sem r () @@ -191,7 +179,7 @@ lockDomainImpl :: Sem r () lockDomainImpl domain = do mOld <- tryGetDomainRegistrationImpl domain - let new = DomainRegistration domain Locked Allowed Nothing Nothing + let new = DomainRegistration domain Locked Allowed Nothing audit mOld new *> upsert (toStored new) where url :: Builder @@ -243,7 +231,7 @@ preAuthorizeImpl domain = do mOld <- tryGetDomainRegistrationImpl domain case mOld of Nothing -> do - let new = DomainRegistration domain PreAuthorized Allowed Nothing Nothing + let new = DomainRegistration domain PreAuthorized Allowed Nothing audit mOld new *> upsert (toStored new) Just old | old.domainRedirect == None -> do let new = old {domainRedirect = PreAuthorized} :: DomainRegistration @@ -349,11 +337,10 @@ fromStored sdr = <$> getDomainRedirect sdr <*> getTeamInvite sdr <*> pure sdr.dnsVerificationToken - <*> pure sdr.authToken where getTeamInvite :: StoredDomainRegistration -> Maybe TeamInvite getTeamInvite = \case - StoredDomainRegistration _ _ ti _ _ tid _ _ -> case (ti, tid) of + StoredDomainRegistration _ _ ti _ _ tid _ -> case (ti, tid) of (Just AllowedTag, Nothing) -> Just Allowed (Just NotAllowedTag, Nothing) -> Just NotAllowed (Just TeamTag, Just teamId) -> Just $ Team teamId @@ -362,7 +349,7 @@ fromStored sdr = getDomainRedirect :: StoredDomainRegistration -> Maybe DomainRedirect getDomainRedirect = \case - StoredDomainRegistration _ dr _ ssoId url _ _ _ -> case (dr, ssoId, url) of + StoredDomainRegistration _ dr _ ssoId url _ _ -> case (dr, ssoId, url) of (Just NoneTag, Nothing, Nothing) -> Just None (Just LockedTag, Nothing, Nothing) -> Just Locked (Just PreAuthorizedTag, Nothing, Nothing) -> Just PreAuthorized @@ -376,7 +363,7 @@ toStored :: DomainRegistration -> StoredDomainRegistration toStored dr = let (domainRedirect, idpId, backendUrl) = fromDomainRedirect dr.domainRedirect (teamInvite, team) = fromTeamInvite dr.teamInvite - in StoredDomainRegistration dr.domain (Just domainRedirect) (Just teamInvite) idpId backendUrl team dr.dnsVerificationToken dr.authToken + in StoredDomainRegistration dr.domain (Just domainRedirect) (Just teamInvite) idpId backendUrl team dr.dnsVerificationToken where fromTeamInvite :: TeamInvite -> (TeamInviteTag, Maybe TeamId) fromTeamInvite Allowed = (AllowedTag, Nothing) diff --git a/services/brig/brig.cabal b/services/brig/brig.cabal index d00c5b56734..02749f53307 100644 --- a/services/brig/brig.cabal +++ b/services/brig/brig.cabal @@ -186,7 +186,6 @@ library Brig.Schema.V86_WriteTimeBumper Brig.Schema.V87_DropInvitationTables Brig.Schema.V88_DomainRegistrationTable - Brig.Schema.V89_DomainRegistrationTable_addAuthToken Brig.Team.API Brig.Team.Email Brig.Team.Template diff --git a/services/brig/src/Brig/API/Public.hs b/services/brig/src/Brig/API/Public.hs index 7ed09cf9eb2..66c3960c1b9 100644 --- a/services/brig/src/Brig/API/Public.hs +++ b/services/brig/src/Brig/API/Public.hs @@ -1509,17 +1509,6 @@ getSystemSettingsInternal _ = do let iSettings = SystemSettingsInternal $ fromMaybe False optSettings.enableMLS pure $ SystemSettings pSettings iSettings -ensureAuthTokenCorrect :: - (Member EnterpriseLoginSubsystem r) => - Domain -> - Bearer DomainVerificationAuthToken -> - Handler r () -ensureAuthTokenCorrect domain token = do - matches <- lift . liftSem $ EnterpriseLogin.checkAuthToken domain (unBearer token) - if matches - then pure () - else throwStd (errorToWai @E.InvalidDomainVerificationAuthToken) - domainVerificationToken :: (Member EnterpriseLoginSubsystem r) => Maybe (Bearer DomainVerificationAuthToken) -> @@ -1527,10 +1516,8 @@ domainVerificationToken :: Handler r DomainVerificationTokenResponse domainVerificationToken mAuthToken domain = do authToken <- case mAuthToken of - Nothing -> lift . liftSem $ EnterpriseLogin.generateAuthToken domain - Just token -> do - ensureAuthTokenCorrect domain token - pure (unBearer token) + Nothing -> lift . liftSem $ EnterpriseLogin.generateAuthToken + Just token -> pure (unBearer token) dnsToken <- lift . liftSem $ EnterpriseLogin.getDomainVerificationToken domain authToken pure DomainVerificationTokenResponse {..} @@ -1554,7 +1541,6 @@ updateDomainRegistration :: (DomainRegistration -> Maybe DomainRegistrationUpdate) -> Handler r () updateDomainRegistration authToken domain computeUpdate = do - ensureAuthTokenCorrect domain authToken mbDomainReg <- lift . liftSem $ EnterpriseLogin.tryGetDomainRegistration domain update <- guardUpdate $ mbDomainReg >>= computeUpdate verifyDNSRecord authToken domain diff --git a/services/brig/src/Brig/Schema/Run.hs b/services/brig/src/Brig/Schema/Run.hs index 9b819530659..f5c102e7d15 100644 --- a/services/brig/src/Brig/Schema/Run.hs +++ b/services/brig/src/Brig/Schema/Run.hs @@ -63,7 +63,6 @@ import Brig.Schema.V85_DropUserKeysHashed qualified as V85_DropUserKeysHashed import Brig.Schema.V86_WriteTimeBumper qualified as V86_WriteTimeBumper import Brig.Schema.V87_DropInvitationTables qualified as V87_DropInvitationTables import Brig.Schema.V88_DomainRegistrationTable qualified as V88_DomainRegistrationTable -import Brig.Schema.V89_DomainRegistrationTable_addAuthToken qualified as V89_DomainRegistrationTable_addAuthToken import Cassandra.MigrateSchema (migrateSchema) import Cassandra.Schema import Control.Exception (finally) @@ -133,8 +132,7 @@ migrations = V85_DropUserKeysHashed.migration, V86_WriteTimeBumper.migration, V87_DropInvitationTables.migration, - V88_DomainRegistrationTable.migration, - V89_DomainRegistrationTable_addAuthToken.migration + V88_DomainRegistrationTable.migration -- FUTUREWORK: undo V41 (searchable flag); we stopped using it in -- https://github.com/wireapp/wire-server/pull/964 ] diff --git a/services/brig/src/Brig/Schema/V89_DomainRegistrationTable_addAuthToken.hs b/services/brig/src/Brig/Schema/V89_DomainRegistrationTable_addAuthToken.hs deleted file mode 100644 index 519c9dd11cc..00000000000 --- a/services/brig/src/Brig/Schema/V89_DomainRegistrationTable_addAuthToken.hs +++ /dev/null @@ -1,37 +0,0 @@ -{-# LANGUAGE QuasiQuotes #-} - --- This file is part of the Wire Server implementation. --- --- Copyright (C) 2023 Wire Swiss GmbH --- --- This program is free software: you can redistribute it and/or modify it under --- the terms of the GNU Affero General Public License as published by the Free --- Software Foundation, either version 3 of the License, or (at your option) any --- later version. --- --- This program is distributed in the hope that it will be useful, but WITHOUT --- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS --- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more --- details. --- --- You should have received a copy of the GNU Affero General Public License along --- with this program. If not, see . - -module Brig.Schema.V89_DomainRegistrationTable_addAuthToken - ( migration, - ) -where - -import Cassandra.Schema -import Imports -import Text.RawString.QQ - -migration :: Migration -migration = - Migration 89 "Add auth_token to domain_registration table" $ do - schema' - [r| - ALTER TABLE domain_registration ADD ( - auth_token ascii - ) - |]