updated the rules when linking OAuth2 by email

migrations/1718706525_add_login_alert_column.go

@@ -0,0 +1,56 @@
+package migrations
+
+import (
+	"slices"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/daos"
+	"github.com/pocketbase/pocketbase/models"
+	"github.com/pocketbase/pocketbase/models/schema"
+	"github.com/pocketbase/pocketbase/tools/security"
+)
+
+// adds a "lastLoginAlertSentAt" column to all auth collection tables (if not already)
+func init() {
+	AppMigrations.Register(func(db dbx.Builder) error {
+		dao := daos.New(db)
+
+		collections := []*models.Collection{}
+		err := dao.CollectionQuery().AndWhere(dbx.HashExp{"type": models.CollectionTypeAuth}).All(&collections)
+		if err != nil {
+			return err
+		}
+
+		var needToResetTokens bool
+
+		for _, c := range collections {
+			columns, err := dao.TableColumns(c.Name)
+			if err != nil {
+				return err
+			}
+			if slices.Contains(columns, schema.FieldNameLastLoginAlertSentAt) {
+				continue // already inserted
+			}
+
+			_, err = db.AddColumn(c.Name, schema.FieldNameLastLoginAlertSentAt, "TEXT DEFAULT '' NOT NULL").Execute()
+			if err != nil {
+				return err
+			}
+
+			opts := c.AuthOptions()
+			if opts.AllowOAuth2Auth && (opts.AllowEmailAuth || opts.AllowUsernameAuth) {
+				needToResetTokens = true
+			}
+		}
+
+		settings, _ := dao.FindSettings()
+		if needToResetTokens && settings != nil {
+			settings.RecordAuthToken.Secret = security.RandomString(50)
+			if err := dao.SaveSettings(settings); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	}, nil)
+}