fix(auth): Handle CockroachDB BIGINT IDs as strings to prevent precision loss

zainforbjs · zainforbjs · commit 34c156e11f7d · 2026-02-14T00:58:59.000+05:00
When migrating from MSSQL to CockroachDB, user IDs changed from sequential
INT to distributed BIGINT values generated via unique_rowid(). ColdFusion's
double precision cannot safely represent all 64-bit integers, causing silent
ID corruption that manifested as:
- Empty user_id in token records after registration
- Random "user not found" errors
- Token verification failures

Changes:
- User.cfc: Set id and roleId properties to datatype="string"
- UserToken.cfc: Set id and user_id properties to datatype="string"
- AuthController.saveUser(): Add ID retrieval fallback and extensive logging
  to debug Wheels ID population with CockroachDB

This ensures BIGINT IDs are treated as opaque string identifiers throughout
the application layer while remaining INT8 in the database. PostgreSQL/
CockroachDB automatically handle string-to-BIGINT conversion in queries.

Fixes user registration flow where tokens were being created with empty
user_id values.
diff --git a/app/controllers/web/AuthController.cfc b/app/controllers/web/AuthController.cfc
@@ -619,10 +619,10 @@ component extends="app.Controllers.Controller" {
         return user;
     }
     
-    private function saveUser(required struct userData) {        
-        var message = "";
+
+    private string function saveUser(required struct userData) {        
         try {
-            // check required fields
+            // Validate required fields
             if (!structKeyExists(userData, "firstname") || !len(trim(userData.firstname))) {
                 return "First name is required.";
             }
@@ -638,41 +638,96 @@ component extends="app.Controllers.Controller" {
             if (!structKeyExists(userData, "passwordHash") || !len(trim(userData.passwordHash))) {
                 return "Password is required.";
             }
-            // Check if a user with the same email already exists
-            var existingUser = model("User").findFirst( where="email = '#userData.email#'");
-            if (!isObject(existingUser)) {
-                // Create a new user
-                var newUser = model("User").new();
-                newUser.firstname = userData.firstname;
-                newUser.lastname = userData.lastname;
-                newUser.email = userData.email;
-                newUser.passwordhash = bCryptHashPW(userData.passwordHash, bCryptGenSalt());
-                newUser.roleid = GetUserRoleId(); // user role
-                newUser.status = SetInactive(); // set inactive
-                if(structKeyExists(userData, "newsletter")){
-                    newUser.newsletter = true;
-                }
-                if(newUser.save()){
-                    // Generate a unique verification token
-                    var verificationToken = Hash(createUUID());
-                    // Save token to the user_tokens table
-                    var newToken = model("UserToken").new();
-                    newToken.token = verificationToken;
-                    newToken.user_id = newUser.id;
-                    newToken.status = false; // Not verified
-                    newToken.save();
-                    // Send verification email
-                    if(sendVerificationEmail(newUser.email, verificationToken)){
-                        message = "Registration successful. Please check your email to verify your account.";
-                    }else{
-                        message = "Unable to send verification email. Please try again or contact support.";
+            if (len(userData.passwordHash) < 8) {
+                return "Password must be at least 8 characters long.";
+            }
+            
+            // Check for duplicate email - CORRECTED: Use Dynamic Finder
+            var existingUser = model("User").findOneByEmail(userData.email);
+            if (isObject(existingUser)) {
+                return message = "An account with this email address already exists.";
+            }
+            
+             // Create a new user
+            var newUser = model("User").new();
+            newUser.firstname = userData.firstname;
+            newUser.lastname = userData.lastname;
+            newUser.email = userData.email;
+            newUser.passwordhash = bCryptHashPW(userData.passwordHash, bCryptGenSalt());
+            newUser.roleid = toString(GetUserRoleId()); // Convert to string
+            newUser.status = SetInactive();
+            
+            if (structKeyExists(userData, "newsletter")) {
+                newUser.newsletter = true;
+            }
+            
+            if (!newUser.save()) {
+                model("Log").log(
+                    category = "wheels.auth",
+                    level = "ERROR",
+                    message = "Failed to save new user",
+                    details = {
+                        "email": userData.email,
+                        "errors": newUser.allErrors()
                     }
-                }else{
-                    message = "Unable to create user account. Please try again or contact support.";
+                );
+                return "Unable to create user account. Please try again or contact support.";
+            }
+            
+            // After save, ID should now be populated as a string
+            var userId = newUser.id; // Already a string due to model config
+            
+            // Validate we got a proper ID
+            if (!len(userId)) {
+                // Fallback: re-fetch from database
+                var savedUser = model("User").findOneByEmail(userData.email);
+                if (isObject(savedUser)) {
+                    userId = savedUser.id;
+                } else {
+                    model("Log").log(
+                        category = "wheels.auth",
+                        level = "ERROR",
+                        message = "User saved but ID is empty and cannot re-fetch",
+                        details = {"email": userData.email}
+                    );
+                    return "Registration error. Please contact support.";
                 }
-            } else {
-                message = "An account with this email address already exists.";
             }
+            
+            // Generate and save verification token
+            var verificationToken = Hash(createUUID());
+            
+            var newToken = model("UserToken").new();
+            newToken.token = verificationToken;
+            newToken.user_id = userId; // Now a string, safe
+            newToken.status = false;
+            
+            if (!newToken.save()) {
+                model("Log").log(
+                    category = "wheels.auth",
+                    level = "ERROR",
+                    message = "Failed to save verification token",
+                    details = {
+                        "user_id": userId,
+                        "errors": newToken.allErrors()
+                    }
+                );
+                return "Registration error. Please contact support.";
+            }
+            
+            // Send verification email
+            if (!sendVerificationEmail(userData.email, verificationToken)) {
+                model("Log").log(
+                    category = "wheels.auth",
+                    level = "WARN",
+                    message = "User created but verification email failed",
+                    details = {"user_id": userId, "email": userData.email}
+                );
+                return "Registration completed but we couldn't send the verification email. Please contact support to resend the verification link.";
+            }
+            
+            return "Registration successful. Please check your email to verify your account.";
+            
         } catch (any e) {
             // Log internal error, but return generic message
             model("Log").log(
@@ -681,12 +736,12 @@ component extends="app.Controllers.Controller" {
                 message = "Exception in saveUser",
                 details = {
                     "error_message": e.message,
-                    "error_detail": e.detail
+                    "error_detail": e.detail,
+                    "email": structKeyExists(userData, "email") ? userData.email : ""
                 }
             );
-            message = "An error occurred while creating your account. Please try again later.";
+            return "An error occurred while creating your account. Please try again later.";
         }
-        return message;
     }
 
     private function sendVerificationEmail(required string email, required string token) {
diff --git a/app/models/User.cfc b/app/models/User.cfc
@@ -2,11 +2,12 @@ component extends="app.Models.Model" {
     function config() {
         table("users");
 
+        // Tell Wheels to treat the ID as a string, not an integer -- CockroachDB is storing INT8 (BIGINT), which is a 64-bit integer that ColdFusion cannot safely represent as a number.
         // ID Property
         property(
             name="id", 
             column="id", 
-            dataType="integer", 
+            dataType="string", 
             automaticValidations=false
         );
 
@@ -152,8 +153,8 @@ component extends="app.Models.Model" {
             label="WordPress ID"
         );
         
-        property(name="website", column="website", dataType="string", default="");
-        property(name="ip", column="ip", dataType="string", default="");
+        property(name="website", column="website", dataType="string", defaultValue = "");
+        property(name="ip", column="ip", dataType="string", defaultValue = "");
         
         // Relationships
         belongsTo(name="Role", foreignKey="roleId");
diff --git a/app/models/UserToken.cfc b/app/models/UserToken.cfc
@@ -2,12 +2,13 @@ component extends="app.Models.Model" {
     function config() {
         table("user_tokens");
 
-        property(name="id", column="id", type="integer", required=true, primarykey=true);
-        property(name="token", column="token", type="string", required=false, default="");
-        property(name="createdAt", column="createdat", type="datetime", required=false, default="");
-        property(name="updatedAt", column="updatedat", type="datetime", required=false, default="");
-        property(name="deletedAt", column="deletedat", type="datetime", required=false, default="");
-        property(name="user_id", column="user_id", type="integer", required=true, foreignkey=true, references="User(id)");
+        // Tell Wheels to treat the ID as a string, not an integer -- CockroachDB is storing INT8 (BIGINT), which is a 64-bit integer that ColdFusion cannot safely represent as a number.
+        property(name="id", column="id", dataType ="string", primarykey=true);
+        property(name="token", column="token", dataType ="string", defaultValue = "");
+        property(name="createdAt", column="createdat", dataType ="datetime", defaultValue = "");
+        property(name="updatedAt", column="updatedat", dataType ="datetime", defaultValue = "");
+        property(name="deletedAt", column="deletedat", dataType ="datetime", defaultValue = "");
+        property(name="user_id", column="user_id", dataType ="string");
         
         belongsTo(name="User", foreignKey="user_id");
     }
