Fix login on legacy DBs: drop NOT NULL phone/email from verification_codes
Old prod DBs had verification_codes.phone (or email) as NOT NULL with no default, so inserting a code via identifier-only failed silently — users received an emailed code that was never stored, and verify always said "Invalid or expired code." Drop the legacy columns in a migration and stop swallowing the CreateVerificationCode error. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -101,11 +101,15 @@ func (s *Server) handleLoginSubmit(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
code := generateCode()
|
code := generateCode()
|
||||||
expiresAt := time.Now().UTC().Add(10 * time.Minute)
|
expiresAt := time.Now().UTC().Add(10 * time.Minute)
|
||||||
s.q.CreateVerificationCode(r.Context(), db.CreateVerificationCodeParams{
|
if err := s.q.CreateVerificationCode(r.Context(), db.CreateVerificationCodeParams{
|
||||||
Identifier: identifier,
|
Identifier: identifier,
|
||||||
Code: code,
|
Code: code,
|
||||||
ExpiresAt: expiresAt,
|
ExpiresAt: expiresAt,
|
||||||
})
|
}); err != nil {
|
||||||
|
log.Printf("failed to store verification code for %s: %v", identifier, err)
|
||||||
|
http.Error(w, "Internal error", 500)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err := sendVerificationEmail(identifier, code); err != nil {
|
if err := sendVerificationEmail(identifier, code); err != nil {
|
||||||
log.Printf("failed to send verification email to %s: %v", identifier, err)
|
log.Printf("failed to send verification email to %s: %v", identifier, err)
|
||||||
|
|||||||
@@ -22,6 +22,12 @@ func runMigrations(database *sql.DB) {
|
|||||||
`DELETE FROM rsvps WHERE id NOT IN (SELECT MIN(id) FROM rsvps GROUP BY event_id, name COLLATE NOCASE)`,
|
`DELETE FROM rsvps WHERE id NOT IN (SELECT MIN(id) FROM rsvps GROUP BY event_id, name COLLATE NOCASE)`,
|
||||||
// Plus-one tracking for RSVPs.
|
// Plus-one tracking for RSVPs.
|
||||||
`ALTER TABLE rsvps ADD COLUMN plus_one INTEGER NOT NULL DEFAULT 0`,
|
`ALTER TABLE rsvps ADD COLUMN plus_one INTEGER NOT NULL DEFAULT 0`,
|
||||||
|
// Drop legacy phone/email columns from verification_codes. They were
|
||||||
|
// NOT NULL with no default, so inserts using only identifier failed.
|
||||||
|
`DROP INDEX IF EXISTS idx_verification_codes_phone`,
|
||||||
|
`DROP INDEX IF EXISTS idx_verification_codes_email`,
|
||||||
|
`ALTER TABLE verification_codes DROP COLUMN phone`,
|
||||||
|
`ALTER TABLE verification_codes DROP COLUMN email`,
|
||||||
// SMS consent logging for Twilio compliance.
|
// SMS consent logging for Twilio compliance.
|
||||||
`CREATE TABLE IF NOT EXISTS sms_consents (
|
`CREATE TABLE IF NOT EXISTS sms_consents (
|
||||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||||
|
|||||||
Reference in New Issue
Block a user