Add support for Emergency Access (#1000)

* Add support for Emergency Access * Add migration script * Review comments * Ensure grantor has premium when inviting new grantees. * Resolve review comments * Remove two factor references
2025-07-23 18:41:47 -05:00 · 2020-12-16 20:36:47 +01:00
parent 9bb63b86f0
commit 0f1af2333e
60 changed files with 2073 additions and 3 deletions
--- a/src/Sql/Sql.sqlproj
+++ b/src/Sql/Sql.sqlproj
@ -69,6 +69,7 @@
    <Folder Include="dbo\User Defined Types\" />
  </ItemGroup>
  <ItemGroup>
+    <Build Include="dbo\Stored Procedures\EmergencyAccessDetails_ReadByIdGrantorId.sql" />
    <Build Include="dbo\Stored Procedures\SsoConfig_Create.sql" />
    <Build Include="dbo\Stored Procedures\SsoConfig_ReadByIdentifier.sql" />
    <Build Include="dbo\Stored Procedures\SsoConfig_ReadByOrganizationId.sql" />
@ -287,6 +288,18 @@
    <Build Include="dbo\Views\SendView.sql" />
    <Build Include="dbo\Stored Procedures\OrganizationUser_ReadByUserIds.sql" />
    <Build Include="dbo\Stored Procedures\Send_ReadByDeletionDateBefore.sql" />
+    <Build Include="dbo\Tables\EmergencyAccess.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccess_Create.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccess_ReadById.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccess_ReadCountByGrantorIdEmail.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccess_Update.sql" />
+    <Build Include="dbo\Views\EmergencyAccessDetailsView.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccessDetails_ReadByGrantorId.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccess_DeleteById.sql" />
+    <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByEmergencyAccessGranteeId.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccessDetails_ReadByGranteeId.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccess_ReadToNotify.sql" />
+    <Build Include="dbo\Stored Procedures\EmergencyAccessDetails_ReadExpiredRecoveries.sql" />
    <Build Include="dbo\Tables\TaxRate.sql" />
    <Build Include="dbo\Stored Procedures\TaxRate_Search.sql" />
    <Build Include="dbo\Stored Procedures\TaxRate_ReadByLocation.sql" />
@ -298,4 +311,3 @@
    <Build Include="dbo\Stored Procedures\OrganizationUserOrganizationDetails_ReadByUserIdStatusOrganizationId.sql" />
  </ItemGroup>
 </Project>
-
--- a/Procedures/EmergencyAccessDetails_ReadByGranteeId.sql
+++ b/Procedures/EmergencyAccessDetails_ReadByGranteeId.sql
@ -0,0 +1,13 @@
+CREATE PROCEDURE [dbo].[EmergencyAccessDetails_ReadByGranteeId]
+    @GranteeId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[EmergencyAccessDetailsView]
+    WHERE
+        [GranteeId] = @GranteeId
+END
--- a/Procedures/EmergencyAccessDetails_ReadByGrantorId.sql
+++ b/Procedures/EmergencyAccessDetails_ReadByGrantorId.sql
@ -0,0 +1,13 @@
+CREATE PROCEDURE [dbo].[EmergencyAccessDetails_ReadByGrantorId]
+    @GrantorId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[EmergencyAccessDetailsView]
+    WHERE
+        [GrantorId] = @GrantorId
+END
--- a/Procedures/EmergencyAccessDetails_ReadByIdGrantorId.sql
+++ b/Procedures/EmergencyAccessDetails_ReadByIdGrantorId.sql
@ -0,0 +1,16 @@
+CREATE PROCEDURE [dbo].[EmergencyAccessDetails_ReadByIdGrantorId]
+    @Id UNIQUEIDENTIFIER,
+    @GrantorId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[EmergencyAccessDetailsView]
+    WHERE
+        [Id] = @Id
+    AND
+        [GrantorId] = @GrantorId
+END
--- a/Procedures/EmergencyAccessDetails_ReadExpiredRecoveries.sql
+++ b/Procedures/EmergencyAccessDetails_ReadExpiredRecoveries.sql
@ -0,0 +1,14 @@
+CREATE PROCEDURE [dbo].[EmergencyAccessDetails_ReadExpiredRecoveries]
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[EmergencyAccessDetailsView]
+    WHERE
+        [Status] = 3
+    AND
+        DATEADD(DAY, [WaitTimeDays], [RecoveryInitiatedDate]) <= GETUTCDATE()
+END
--- a/Procedures/EmergencyAccess_Create.sql
+++ b/Procedures/EmergencyAccess_Create.sql
@ -0,0 +1,48 @@
+CREATE PROCEDURE [dbo].[EmergencyAccess_Create]
+    @Id UNIQUEIDENTIFIER,
+    @GrantorId UNIQUEIDENTIFIER,
+    @GranteeId UNIQUEIDENTIFIER,
+    @Email NVARCHAR(50),
+    @KeyEncrypted VARCHAR(MAX),
+    @Type TINYINT,
+    @Status TINYINT,
+    @WaitTimeDays SMALLINT,
+    @RecoveryInitiatedDate DATETIME2(7),
+    @LastNotificationDate DATETIME2(7),
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[EmergencyAccess]
+    (
+        [Id],
+        [GrantorId],
+        [GranteeId],
+        [Email],
+        [KeyEncrypted],
+        [Type],
+        [Status],
+        [WaitTimeDays],
+        [RecoveryInitiatedDate],
+        [LastNotificationDate],
+        [CreationDate],
+        [RevisionDate]
+    )
+    VALUES
+    (
+        @Id,
+        @GrantorId,
+        @GranteeId,
+        @Email,
+        @KeyEncrypted,
+        @Type,
+        @Status,
+        @WaitTimeDays,
+        @RecoveryInitiatedDate,
+        @LastNotificationDate,
+        @CreationDate,
+        @RevisionDate
+    )
+END
--- a/Procedures/EmergencyAccess_DeleteById.sql
+++ b/Procedures/EmergencyAccess_DeleteById.sql
@ -0,0 +1,14 @@
+CREATE PROCEDURE [dbo].[EmergencyAccess_DeleteById]
+    @Id UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+    
+    EXEC [dbo].[User_BumpAccountRevisionDateByEmergencyAccessGranteeId] @Id
+    
+    DELETE
+    FROM
+        [dbo].[EmergencyAccess]
+    WHERE
+        [Id] = @Id
+END
--- a/Procedures/EmergencyAccess_ReadById.sql
+++ b/Procedures/EmergencyAccess_ReadById.sql
@ -0,0 +1,13 @@
+CREATE PROCEDURE [dbo].[EmergencyAccess_ReadById]
+    @Id UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[EmergencyAccess]
+    WHERE
+        [Id] = @Id
+END
--- a/Procedures/EmergencyAccess_ReadCountByGrantorIdEmail.sql
+++ b/Procedures/EmergencyAccess_ReadCountByGrantorIdEmail.sql
@ -0,0 +1,21 @@
+CREATE PROCEDURE [dbo].[EmergencyAccess_ReadCountByGrantorIdEmail]
+    @GrantorId UNIQUEIDENTIFIER,
+    @Email NVARCHAR(50),
+    @OnlyUsers BIT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        COUNT(1)
+    FROM
+        [dbo].[EmergencyAccess] EA
+    LEFT JOIN
+        [dbo].[User] U ON EA.[GranteeId] = U.[Id]
+    WHERE
+        EA.[GrantorId] = @GrantorId
+        AND (
+            (@OnlyUsers = 0 AND (EA.[Email] = @Email OR U.[Email] = @Email))
+            OR (@OnlyUsers = 1 AND U.[Email] = @Email)
+        )
+END
--- a/Procedures/EmergencyAccess_ReadToNotify.sql
+++ b/Procedures/EmergencyAccess_ReadToNotify.sql
@ -0,0 +1,22 @@
+CREATE PROCEDURE [dbo].[EmergencyAccess_ReadToNotify]
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        EA.*,
+        Grantee.Name as GranteeName,
+        Grantor.Email as GrantorEmail
+    FROM
+        [dbo].[EmergencyAccess] EA
+    LEFT JOIN
+        [dbo].[User] Grantor ON Grantor.[Id] = EA.[GrantorId]
+    LEFT JOIN
+        [dbo].[User] Grantee On Grantee.[Id] = EA.[GranteeId]
+    WHERE
+        EA.[Status] = 3
+    AND
+        DATEADD(DAY, EA.[WaitTimeDays] - 1, EA.[RecoveryInitiatedDate]) <= GETUTCDATE()
+    AND
+        DATEADD(DAY, 1, EA.[LastNotificationDate]) <= GETUTCDATE()
+END
--- a/Procedures/EmergencyAccess_Update.sql
+++ b/Procedures/EmergencyAccess_Update.sql
@ -0,0 +1,36 @@
+CREATE PROCEDURE [dbo].[EmergencyAccess_Update]
+    @Id UNIQUEIDENTIFIER,
+    @GrantorId UNIQUEIDENTIFIER,
+    @GranteeId UNIQUEIDENTIFIER,
+    @Email NVARCHAR(50),
+    @KeyEncrypted VARCHAR(MAX),
+    @Type TINYINT,
+    @Status TINYINT,
+    @WaitTimeDays SMALLINT,
+    @RecoveryInitiatedDate DATETIME2(7),
+    @LastNotificationDate DATETIME2(7),
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        [dbo].[EmergencyAccess]
+    SET
+        [GrantorId] = @GrantorId,
+        [GranteeId] = @GranteeId,
+        [Email] = @Email,
+        [KeyEncrypted] = @KeyEncrypted,
+        [Type] = @Type,
+        [Status] = @Status,
+        [WaitTimeDays] = @WaitTimeDays,
+        [RecoveryInitiatedDate] = @RecoveryInitiatedDate,
+        [LastNotificationDate] = @LastNotificationDate,
+        [CreationDate] = @CreationDate,
+        [RevisionDate] = @RevisionDate
+    WHERE
+        [Id] = @Id
+
+    EXEC [dbo].[User_BumpAccountRevisionDate] @GranteeId
+END
--- a/Procedures/User_BumpAccountRevisionDateByEmergencyAccessGranteeId.sql
+++ b/Procedures/User_BumpAccountRevisionDateByEmergencyAccessGranteeId.sql
@ -0,0 +1,18 @@
+CREATE PROCEDURE [dbo].[User_BumpAccountRevisionDateByEmergencyAccessGranteeId]
+    @EmergencyAccessId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        U
+    SET
+        U.[AccountRevisionDate] = GETUTCDATE()
+    FROM
+        [dbo].[User] U
+    INNER JOIN
+        [dbo].[EmergencyAccess] EA ON EA.[GranteeId] = U.[Id]
+    WHERE
+        EA.[Id] = @EmergencyAccessId
+        AND EA.[Status] = 2 -- Confirmed
+END
--- a/Procedures/User_DeleteById.sql
+++ b/Procedures/User_DeleteById.sql
@ -79,6 +79,15 @@ BEGIN
    WHERE
        [UserId] = @Id

+    -- Delete Emergency Accesses
+    DELETE
+    FROM
+        [dbo].[EmergencyAccess]
+    WHERE
+        [GrantorId] = @Id
+    OR
+        [GranteeId] = @Id
+    
    -- Finally, delete the user
    DELETE
    FROM
--- a/src/Sql/dbo/Tables/EmergencyAccess.sql
+++ b/src/Sql/dbo/Tables/EmergencyAccess.sql
@ -0,0 +1,18 @@
+CREATE TABLE [dbo].[EmergencyAccess]
+(
+	[Id]                    UNIQUEIDENTIFIER NOT NULL,
+    [GrantorId]             UNIQUEIDENTIFIER NOT NULL,
+    [GranteeId]             UNIQUEIDENTIFIER NULL,
+    [Email]                 NVARCHAR (50)    NULL,
+    [KeyEncrypted]          VARCHAR (MAX)    NULL,
+    [WaitTimeDays]          SMALLINT         NULL,
+    [Type]                  TINYINT          NOT NULL,
+    [Status]                TINYINT          NOT NULL,
+    [RecoveryInitiatedDate] DATETIME2 (7)    NULL,
+    [LastNotificationDate]  DATETIME2 (7)    NULL,
+    [CreationDate]          DATETIME2 (7)    NOT NULL,
+    [RevisionDate]          DATETIME2 (7)    NOT NULL,
+    CONSTRAINT [PK_EmergencyAccess] PRIMARY KEY CLUSTERED ([Id] ASC),
+    CONSTRAINT [FK_EmergencyAccess_GrantorId] FOREIGN KEY ([GrantorId]) REFERENCES [dbo].[User] ([Id]),
+    CONSTRAINT [FK_EmergencyAccess_GranteeId] FOREIGN KEY ([GranteeId]) REFERENCES [dbo].[User] ([Id])
+)
--- a/src/Sql/dbo/Views/EmergencyAccessDetailsView.sql
+++ b/src/Sql/dbo/Views/EmergencyAccessDetailsView.sql
@ -0,0 +1,14 @@
+CREATE VIEW [dbo].[EmergencyAccessDetailsView]
+AS
+SELECT
+    EA.*,
+    GranteeU.[Name] GranteeName,
+    ISNULL(GranteeU.[Email], EA.[Email]) GranteeEmail,
+    GrantorU.[Name] GrantorName,
+    GrantorU.[Email] GrantorEmail
+FROM
+    [dbo].[EmergencyAccess] EA
+LEFT JOIN
+    [dbo].[User] GranteeU ON GranteeU.[Id] = EA.[GranteeId]
+LEFT JOIN
+    [dbo].[User] GrantorU ON GrantorU.[Id] = EA.[GrantorId]