-- Add ApiKey column to dbo.User, nullable for now but will be not null after backfilling IF COL_LENGTH('[dbo].[User]', 'ApiKey') IS NULL BEGIN ALTER TABLE [dbo].[User] ADD [ApiKey] VARCHAR (30) NULL END GO -- Setup for random string generation to backfill dbo.User.ApiKey CREATE VIEW [dbo].[SecureRandomBytes] AS SELECT [RandBytes] = CRYPT_GEN_RANDOM(2) GO CREATE FUNCTION [dbo].[SecureRandomString]() RETURNS varchar(30) AS BEGIN declare @sLength tinyint declare @randomString varchar(30) declare @counter tinyint declare @nextChar char(1) declare @rnd as float declare @bytes binary(2) set @sLength = 30 set @counter = 1 set @randomString = '' while @counter <= @sLength begin select @bytes = [RandBytes] from [dbo].[SecureRandomBytes] select @rnd = cast(cast(cast(@bytes as int) as float) / 65535 as float) select @nextChar = char(48 + convert(int, (122-48+1) * @rnd)) if ascii(@nextChar) not in (58,59,60,61,62,63,64,91,92,93,94,95,96) begin select @randomString = @randomString + @nextChar set @counter = @counter + 1 end end return @randomString END GO -- Backfill dbo.User.ApiKey UPDATE [dbo].[User] SET [ApiKey] = (SELECT [dbo].[SecureRandomString]()) WHERE [ApiKey] IS NULL GO -- Change dbo.User.ApiKey to not null to enforce all future users to have one on create ALTER TABLE [dbo].[User] ALTER COLUMN [ApiKey] VARCHAR(30) NOT NULL GO -- Cleanup random string generation DROP VIEW [dbo].[SecureRandomBytes] GO DROP FUNCTION [dbo].[SecureRandomString] GO -- Update dbo.User_Create to account for ApiKey IF OBJECT_ID('[dbo].[User_Create]') IS NOT NULL BEGIN DROP PROCEDURE [dbo].[User_Create] END GO CREATE PROCEDURE [dbo].[User_Create] @Id UNIQUEIDENTIFIER, @Name NVARCHAR(50), @Email NVARCHAR(50), @EmailVerified BIT, @MasterPassword NVARCHAR(300), @MasterPasswordHint NVARCHAR(50), @Culture NVARCHAR(10), @SecurityStamp NVARCHAR(50), @TwoFactorProviders NVARCHAR(MAX), @TwoFactorRecoveryCode NVARCHAR(32), @EquivalentDomains NVARCHAR(MAX), @ExcludedGlobalEquivalentDomains NVARCHAR(MAX), @AccountRevisionDate DATETIME2(7), @Key NVARCHAR(MAX), @PublicKey NVARCHAR(MAX), @PrivateKey NVARCHAR(MAX), @Premium BIT, @PremiumExpirationDate DATETIME2(7), @RenewalReminderDate DATETIME2(7), @Storage BIGINT, @MaxStorageGb SMALLINT, @Gateway TINYINT, @GatewayCustomerId VARCHAR(50), @GatewaySubscriptionId VARCHAR(50), @ReferenceData VARCHAR(MAX), @LicenseKey VARCHAR(100), @Kdf TINYINT, @KdfIterations INT, @CreationDate DATETIME2(7), @RevisionDate DATETIME2(7), @ApiKey VARCHAR(30) AS BEGIN SET NOCOUNT ON INSERT INTO [dbo].[User] ( [Id], [Name], [Email], [EmailVerified], [MasterPassword], [MasterPasswordHint], [Culture], [SecurityStamp], [TwoFactorProviders], [TwoFactorRecoveryCode], [EquivalentDomains], [ExcludedGlobalEquivalentDomains], [AccountRevisionDate], [Key], [PublicKey], [PrivateKey], [Premium], [PremiumExpirationDate], [RenewalReminderDate], [Storage], [MaxStorageGb], [Gateway], [GatewayCustomerId], [GatewaySubscriptionId], [ReferenceData], [LicenseKey], [Kdf], [KdfIterations], [CreationDate], [RevisionDate], [ApiKey] ) VALUES ( @Id, @Name, @Email, @EmailVerified, @MasterPassword, @MasterPasswordHint, @Culture, @SecurityStamp, @TwoFactorProviders, @TwoFactorRecoveryCode, @EquivalentDomains, @ExcludedGlobalEquivalentDomains, @AccountRevisionDate, @Key, @PublicKey, @PrivateKey, @Premium, @PremiumExpirationDate, @RenewalReminderDate, @Storage, @MaxStorageGb, @Gateway, @GatewayCustomerId, @GatewaySubscriptionId, @ReferenceData, @LicenseKey, @Kdf, @KdfIterations, @CreationDate, @RevisionDate, @ApiKey ) END GO -- Update dbo.User_Update to account for ApiKey IF OBJECT_ID('[dbo].[User_Update]') IS NOT NULL BEGIN DROP PROCEDURE [dbo].[User_Update] END GO CREATE PROCEDURE [dbo].[User_Update] @Id UNIQUEIDENTIFIER, @Name NVARCHAR(50), @Email NVARCHAR(50), @EmailVerified BIT, @MasterPassword NVARCHAR(300), @MasterPasswordHint NVARCHAR(50), @Culture NVARCHAR(10), @SecurityStamp NVARCHAR(50), @TwoFactorProviders NVARCHAR(MAX), @TwoFactorRecoveryCode NVARCHAR(32), @EquivalentDomains NVARCHAR(MAX), @ExcludedGlobalEquivalentDomains NVARCHAR(MAX), @AccountRevisionDate DATETIME2(7), @Key NVARCHAR(MAX), @PublicKey NVARCHAR(MAX), @PrivateKey NVARCHAR(MAX), @Premium BIT, @PremiumExpirationDate DATETIME2(7), @RenewalReminderDate DATETIME2(7), @Storage BIGINT, @MaxStorageGb SMALLINT, @Gateway TINYINT, @GatewayCustomerId VARCHAR(50), @GatewaySubscriptionId VARCHAR(50), @ReferenceData VARCHAR(MAX), @LicenseKey VARCHAR(100), @Kdf TINYINT, @KdfIterations INT, @CreationDate DATETIME2(7), @RevisionDate DATETIME2(7), @ApiKey VARCHAR(30) AS BEGIN SET NOCOUNT ON UPDATE [dbo].[User] SET [Name] = @Name, [Email] = @Email, [EmailVerified] = @EmailVerified, [MasterPassword] = @MasterPassword, [MasterPasswordHint] = @MasterPasswordHint, [Culture] = @Culture, [SecurityStamp] = @SecurityStamp, [TwoFactorProviders] = @TwoFactorProviders, [TwoFactorRecoveryCode] = @TwoFactorRecoveryCode, [EquivalentDomains] = @EquivalentDomains, [ExcludedGlobalEquivalentDomains] = @ExcludedGlobalEquivalentDomains, [AccountRevisionDate] = @AccountRevisionDate, [Key] = @Key, [PublicKey] = @PublicKey, [PrivateKey] = @PrivateKey, [Premium] = @Premium, [PremiumExpirationDate] = @PremiumExpirationDate, [RenewalReminderDate] = @RenewalReminderDate, [Storage] = @Storage, [MaxStorageGb] = @MaxStorageGb, [Gateway] = @Gateway, [GatewayCustomerId] = @GatewayCustomerId, [GatewaySubscriptionId] = @GatewaySubscriptionId, [ReferenceData] = @ReferenceData, [LicenseKey] = @LicenseKey, [Kdf] = @Kdf, [KdfIterations] = @KdfIterations, [CreationDate] = @CreationDate, [RevisionDate] = @RevisionDate, [ApiKey] = @ApiKey WHERE [Id] = @Id END GO -- Refresh dbo.UserView so it has access to ApiKey IF OBJECT_ID('[dbo].[UserView]') IS NOT NULL BEGIN DROP VIEW [dbo].[UserView] END GO CREATE VIEW [dbo].[UserView] AS SELECT * FROM [dbo].[User] GO