yorkie-team / yorkie

Yorkie is a document store for collaborative applications.
https://yorkie.dev
Apache License 2.0
771 stars 143 forks source link

Support basic account action for admin #934

Closed gusah009 closed 1 month ago

gusah009 commented 1 month ago

What this PR does / why we need it:

Added the admin APIs ChangePassword and DeleteAccount.

As their names suggest, these are APIs for changing passwords and deleting accounts.

Which issue(s) this PR fixes:

Fixes #849

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

There is no user impact yet. We need to open an endpoint that the client can access from the dashboard or CLI.

Additional documentation:

Checklist:

Summary by CodeRabbit

CLAassistant commented 1 month ago

CLA assistant check
All committers have signed the CLA.

coderabbitai[bot] commented 1 month ago

Walkthrough

This update enhances the AdminService by introducing functionalities for changing passwords, creating accounts, and deleting accounts. The changes include new API endpoints, RPC methods, and database operations, significantly improving administrative capabilities for managing accounts.

Changes

| File(s) | Change Summary |
| --- | --- |
| api/docs/yorkie/v1/admin.openapi.yaml | Added endpoints for changing passwords, creating accounts, and deleting accounts, with necessary schemas. |
| api/yorkie/v1/admin.proto | Introduced new RPC methods: CreateAccount, DeleteAccount, and ChangePassword with associated messages. |
| server/backend/database/database.go | Updated database methods to reflect account management changes, including errors and new functions for accounts. |
| server/rpc/admin_server.go | Added server methods for account deletion and password changes with appropriate validation. |
| server/rpc/testcases/testcases.go | Updated tests to reflect new account actions and added tests for deleting accounts and changing passwords. |
| test/helper/helper.go | Introduced a new variable for enhanced account creation password management. |

Assessment against linked issues

| Objective | Addressed | Explanation |
| --- | --- | --- |
| Support basic account actions (e.g., ChangePassword, DeleteAccount) (#849) | ✅ | |

🐇 In the meadow, with joy we bounce,
New powers for admin, we gladly announce!
Change a password, delete with ease,
User management now flows like a breeze.
Hoppy updates, oh what a delight,
For all the admin bunnies, it's a wondrous sight! 🌼


krapie commented 1 month ago

@gusah009 There seems to be a lint error causing CI to fail. Could you please lint it again?

gusah009 commented 1 month ago

@krapie hello. I agree with all of your suggestions in the comments, so I've made the following changes.

  1. In response to User vs Account, I have unified to use User. ex) DeleteAccount -> DeleteUser

  2. I also agree that the Admin RPC needs test code, so I added a test case that is simple but covers a few cases.

In addition, I also included the review. Thank you for your careful review.

krapie commented 1 month ago

Also, I did not get what below comment means:

> I wanted the validation of username or password on ChangePassword to be the same as SignUp, but I didn't know how to separate them into a common string, so I added a warning as a comment. If there's a good way to do it, I'd love to hear about it :)

gusah009 commented 1 month ago

> Also, I did not get what below comment means:
>
> > I wanted the validation of username or password on ChangePassword to be the same as SignUp, but I didn't know how to separate them into a common string, so I added a warning as a comment. If there's a good way to do it, I'd love to hear about it :)

@krapie Well, this is not a very important comment because I merged ChangePasswordFields and SignUpFields into UserFields in this PR: https://github.com/yorkie-team/yorkie/pull/934#discussion_r1685435558

Anyway, that means, what it means is that I want to refactor the duplicated validation strings like "required,min=2,max=30,slug" or "required,min=8,max=30,alpha_num_special" because signup and changePassword must have the same validation. However, default strings in struct cannot be extracted as constants or anything in golang. That's all.

```go
type SignupFields struct {
	// Username is the name of user.
	Username *string `bson:"username" validate:"required,min=2,max=30,slug"`
	// Password is the password of user.
	Password *string `bson:"password" validate:"required,min=8,max=30,alpha_num_special"`
}

type ChangePasswordFields struct {
	// Username is the name of user.
	Username *string `bson:"username" validate:"required,min=2,max=30,slug"`

	// NewPassword is the new password of user.
	NewPassword *string `bson:"new_password" validate:"required,min=8,max=30,alpha_num_special"`
}
```

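
One way to keep the two tag sets from drifting apart when they cannot share a constant, added here as an example (not code from this PR or the Yorkie repository): a reflection check, suitable for a unit test, that compares the `validate` tags of paired fields. `TagDrift` and `DriftedFields` are hypothetical names, and `DriftedFields` is constructed to show a weakened password rule on the change-password path being caught.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

// The two structs as posted in the comment above.
type SignupFields struct {
	Username *string `bson:"username" validate:"required,min=2,max=30,slug"`
	Password *string `bson:"password" validate:"required,min=8,max=30,alpha_num_special"`
}

type ChangePasswordFields struct {
	Username    *string `bson:"username" validate:"required,min=2,max=30,slug"`
	NewPassword *string `bson:"new_password" validate:"required,min=8,max=30,alpha_num_special"`
}

// DriftedFields is a constructed counter-example: min=8 weakened to min=4.
type DriftedFields struct {
	Username    *string `validate:"required,min=2,max=30,slug"`
	NewPassword *string `validate:"required,min=4,max=30,alpha_num_special"`
}

// TagDrift (hypothetical helper) compares the `validate` tag of paired fields
// in struct values a and b; pairs maps a field in a to its counterpart in b.
func TagDrift(a, b interface{}, pairs map[string]string) []string {
	ta, tb := reflect.TypeOf(a), reflect.TypeOf(b)
	var drift []string
	for nameA, nameB := range pairs {
		fa, okA := ta.FieldByName(nameA)
		fb, okB := tb.FieldByName(nameB)
		if !okA || !okB {
			drift = append(drift, fmt.Sprintf("missing field %s/%s", nameA, nameB))
			continue
		}
		if va, vb := fa.Tag.Get("validate"), fb.Tag.Get("validate"); va != vb {
			drift = append(drift, fmt.Sprintf("%s: %q != %q", nameB, va, vb))
		}
	}
	sort.Strings(drift) // map iteration order is random; keep output stable
	return drift
}

func main() {
	pairs := map[string]string{"Username": "Username", "Password": "NewPassword"}
	fmt.Println(TagDrift(SignupFields{}, ChangePasswordFields{}, pairs), TagDrift(SignupFields{}, DriftedFields{}, pairs))
}
```
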
krapie commented 1 month ago

@gusah009 How about changing the word user to account? If we use the word user in the context of admin, it sounds like the action is for a normal user, not an admin user. So if we use the word account instead, we can clarify the meaning: that these RPCs perform actions on the admin itself. Currently Google is using the word account for their user system.

It will look something like below:

```protobuf
service AdminService {
  rpc LogIn(LogInRequest) returns (LogInResponse) {}
  rpc CreateAccount(CreateAccountRequest) returns (CreateAccountResponse) {}
  rpc DeleteAccount(DeleteAccountRequest) returns (DeleteAccountResponse) {}
  rpc ChangePassword(ChangePasswordRequest) returns (ChangePasswordResponse) {}
}
```

gusah009 commented 1 month ago

@krapie Oh, that's a good idea. I'll do it right away.

Well, then I'll change the user table with admin to account table and accountName will be more appropriate than username.

krapie commented 1 month ago

@gusah009 Hmm. I'm not sure about changing username to accountName. I think we can organize like below:

gusah009 commented 1 month ago

Account parent of Admin and User (Normal User, TBD).

@krapie Looking at it like this, I don't think I need to change the username. Thank you for your good advice.

krapie commented 1 month ago

After discussing with @gusah009, we have concluded that we will revert our changes to use the RPC names DeleteAccount and ChangePassword. This is because changing the keyword User to Account takes more resources and changes than we thought. Considering that the scope of this PR is just adding new actions for admin, it will be better to keep our changes as small as possible.

I apologize for the frequent change request to @gusah009. Thank you for your understanding. Next time we will decide our design prior to implementation.

codecov[bot] commented 1 month ago

Codecov Report

Attention: Patch coverage is 28.42105% with 68 lines in your changes missing coverage. Please review.

Project coverage is 51.31%. Comparing base (bcb246b) to head (7022723).

| Files | Patch % | Lines |
| --- | --- | --- |
| server/backend/database/memory/database.go | 0.00% | 36 Missing :warning: |
| server/backend/database/mongo/client.go | 0.00% | 23 Missing :warning: |
| server/rpc/admin_server.go | 74.28% | 6 Missing and 3 partials :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #934      +/-   ##
==========================================
- Coverage   51.53%   51.31%   -0.22%
==========================================
  Files          71       71
  Lines       10586    10679      +93
==========================================
+ Hits         5455     5480      +25
- Misses       4585     4650      +65
- Partials      546      549       +3
```


krapie commented 1 month ago

@hackerwins We did not consider cascading delete on user related objects including projects and documents. I think we also need to consider deleting related resources.

hackerwins commented 1 month ago

@krapie Please create an issue regarding this. 🙏