From ead7e4804ad90246e2aaeb97e6f1526fe06e6cc1 Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Thu, 28 Apr 2022 18:39:45 +0200
Subject: [PATCH] Make the client_id a foreign key
---
.../20220428161108_oauth2_client_fk.down.sql | 23 +
.../20220428161108_oauth2_client_fk.up.sql | 27 +
crates/storage/sqlx-data.json | 1428 ++++++++---------
crates/storage/src/oauth2/access_token.rs | 8 +-
.../storage/src/oauth2/authorization_grant.rs | 18 +-
crates/storage/src/oauth2/client.rs | 2 +-
crates/storage/src/oauth2/refresh_token.rs | 8 +-
crates/templates/src/res/pages/login.html | 2 +-
crates/templates/src/res/pages/reauth.html | 2 +-
crates/templates/src/res/pages/register.html | 2 +-
10 files changed, 785 insertions(+), 735 deletions(-)
create mode 100644 crates/storage/migrations/20220428161108_oauth2_client_fk.down.sql
create mode 100644 crates/storage/migrations/20220428161108_oauth2_client_fk.up.sql
diff --git a/crates/storage/migrations/20220428161108_oauth2_client_fk.down.sql b/crates/storage/migrations/20220428161108_oauth2_client_fk.down.sql
new file mode 100644
index 00000000..d070a591
--- /dev/null
+++ b/crates/storage/migrations/20220428161108_oauth2_client_fk.down.sql
@@ -0,0 +1,23 @@
+-- Copyright 2022 The Matrix.org Foundation C.I.C.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+TRUNCATE TABLE oauth2_sessions, oauth2_authorization_grants RESTART IDENTITY CASCADE;
+
+ALTER TABLE oauth2_sessions
+ DROP COLUMN "oauth2_client_id",
+ ADD COLUMN "client_id" TEXT NOT NULL;
+
+ALTER TABLE oauth2_authorization_grants
+ DROP COLUMN "oauth2_client_id",
+ ADD COLUMN "client_id" TEXT NOT NULL;
diff --git a/crates/storage/migrations/20220428161108_oauth2_client_fk.up.sql b/crates/storage/migrations/20220428161108_oauth2_client_fk.up.sql
new file mode 100644
index 00000000..56c461cd
--- /dev/null
+++ b/crates/storage/migrations/20220428161108_oauth2_client_fk.up.sql
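Review bot: The `TRUNCATE TABLE oauth2_sessions, oauth2_authorization_grants RESTART IDENTITY CASCADE;` statement in this new down migration, and the identical one in `20220428161108_oauth2_client_fk.up.sql`, discards every OAuth 2.0 session and authorization grant without a comment saying so. `CASCADE` also empties any table holding a foreign key to these two; the queries in `sqlx-data.json` join `oauth2_refresh_tokens` and `oauth2_access_tokens` on `oauth2_session_id`, so issued tokens are presumably wiped as well, although those constraints are not visible in this patch. Failing closed is a defensible choice for this schema change, but it should be stated in both files, for example `-- Destructive: removes all OAuth 2.0 sessions and grants (and rows that reference them); clients must re-authorize after this migration.`. If existing sessions are meant to survive an upgrade, the up migration could instead backfill `oauth2_client_id` from `oauth2_clients.client_id` before dropping the text column.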
@@ -0,0 +1,27 @@
+-- Copyright 2022 The Matrix.org Foundation C.I.C.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+TRUNCATE TABLE oauth2_sessions, oauth2_authorization_grants RESTART IDENTITY CASCADE;
+
+ALTER TABLE oauth2_sessions
+ DROP COLUMN "client_id",
+ ADD COLUMN "oauth2_client_id" BIGINT
+ NOT NULL
+ REFERENCES oauth2_clients (id) ON DELETE CASCADE;
+
+ALTER TABLE oauth2_authorization_grants
+ DROP COLUMN "client_id",
+ ADD COLUMN "oauth2_client_id" BIGINT
+ NOT NULL
+ REFERENCES oauth2_clients (id) ON DELETE CASCADE;
diff --git a/crates/storage/sqlx-data.json b/crates/storage/sqlx-data.json
index c9bd992e..3ab3b2b4 100644
--- a/crates/storage/sqlx-data.json
+++ b/crates/storage/sqlx-data.json
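Review bot: Neither new `oauth2_client_id` column gets an index, and PostgreSQL does not create one for the referencing side of a foreign key. With `ON DELETE CASCADE`, removing a row from `oauth2_clients` has to scan `oauth2_sessions` and `oauth2_authorization_grants` in full to find its dependants, which matters when a retired or compromised client has to be revoked quickly. Consider adding `CREATE INDEX ON oauth2_sessions (oauth2_client_id);` and `CREATE INDEX ON oauth2_authorization_grants (oauth2_client_id);` after the two `ALTER TABLE` statements; the down migration's column drop removes them again. A one-line comment that deleting a client also deletes its grants and sessions would help too, since the cascade leaves no record of what that client had been authorized to do.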
@@ -55,334 +55,6 @@ }, "query": "\n INSERT INTO oauth2_clients\n (client_id,\n encrypted_client_secret,\n response_types,\n grant_type_authorization_code,\n grant_type_refresh_token,\n token_endpoint_auth_method,\n jwks,\n jwks_uri,\n contacts)\n VALUES\n ($1, $2, $3, $4, $5, $6, $7, $8, '{}')\n RETURNING id\n " }, - "16df03346a3186c289bd64d1a3869103064ddb8f8827af8f19fc9ab93910ede5": { - "describe": { - "columns": [ - { - "name": "refresh_token_id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "refresh_token", - "ordinal": 1, - "type_info": "Text" - }, - { - "name": "refresh_token_created_at", - "ordinal": 2, - "type_info": "Timestamptz" - }, - { - "name": "access_token_id?", - "ordinal": 3, - "type_info": "Int8" - }, - { - "name": "access_token?", - "ordinal": 4, - "type_info": "Text" - }, - { - "name": "access_token_expires_after?", - "ordinal": 5, - "type_info": "Int4" - }, - { - "name": "access_token_created_at?", - "ordinal": 6, - "type_info": "Timestamptz" - }, - { - "name": "session_id!", - "ordinal": 7, - "type_info": "Int8" - }, - { - "name": "client_id!", - "ordinal": 8, - "type_info": "Text" - }, - { - "name": "scope!", - "ordinal": 9, - "type_info": "Text" - }, - { - "name": "user_session_id!", - "ordinal": 10, - "type_info": "Int8" - }, - { - "name": "user_session_created_at!", - "ordinal": 11, - "type_info": "Timestamptz" - }, - { - "name": "user_id!", - "ordinal": 12, - "type_info": "Int8" - }, - { - "name": "user_username!", - "ordinal": 13, - "type_info": "Text" - }, - { - "name": "user_session_last_authentication_id?", - "ordinal": 14, - "type_info": "Int8" - }, - { - "name": "user_session_last_authentication_created_at?", - "ordinal": 15, - "type_info": "Timestamptz" - }, - { - "name": "user_email_id?", - "ordinal": 16, - "type_info": "Int8" - }, - { - "name": "user_email?", - "ordinal": 17, - "type_info": "Text" - }, - { - "name": "user_email_created_at?", - "ordinal": 18, - "type_info": "Timestamptz" - }, - { - "name": 
"user_email_confirmed_at?", - "ordinal": 19, - "type_info": "Timestamptz" - } - ], - "nullable": [ - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - true - ], - "parameters": { - "Left": [ - "Text" - ] - } - }, - "query": "\n SELECT\n rt.id AS refresh_token_id,\n rt.token AS refresh_token,\n rt.created_at AS refresh_token_created_at,\n at.id AS \"access_token_id?\",\n at.token AS \"access_token?\",\n at.expires_after AS \"access_token_expires_after?\",\n at.created_at AS \"access_token_created_at?\",\n os.id AS \"session_id!\",\n os.client_id AS \"client_id!\",\n os.scope AS \"scope!\",\n us.id AS \"user_session_id!\",\n us.created_at AS \"user_session_created_at!\",\n u.id AS \"user_id!\",\n u.username AS \"user_username!\",\n usa.id AS \"user_session_last_authentication_id?\",\n usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n FROM oauth2_refresh_tokens rt\n LEFT JOIN oauth2_access_tokens at\n ON at.id = rt.oauth2_access_token_id\n INNER JOIN oauth2_sessions os\n ON os.id = rt.oauth2_session_id\n INNER JOIN user_sessions us\n ON us.id = os.user_session_id\n INNER JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE rt.token = $1\n AND rt.next_token_id IS NULL\n AND us.active\n AND os.ended_at IS NULL\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " - }, - "2e8c6507df6c0af78deca3550157b9cc0286f204b15a646c2e7e24c51100e040": { - "describe": { - "columns": [ - { - "name": "grant_id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "grant_created_at", - "ordinal": 1, - "type_info": "Timestamptz" - }, - { - "name": "grant_cancelled_at", - 
"ordinal": 2, - "type_info": "Timestamptz" - }, - { - "name": "grant_fulfilled_at", - "ordinal": 3, - "type_info": "Timestamptz" - }, - { - "name": "grant_exchanged_at", - "ordinal": 4, - "type_info": "Timestamptz" - }, - { - "name": "grant_scope", - "ordinal": 5, - "type_info": "Text" - }, - { - "name": "grant_state", - "ordinal": 6, - "type_info": "Text" - }, - { - "name": "grant_redirect_uri", - "ordinal": 7, - "type_info": "Text" - }, - { - "name": "grant_response_mode", - "ordinal": 8, - "type_info": "Text" - }, - { - "name": "grant_nonce", - "ordinal": 9, - "type_info": "Text" - }, - { - "name": "grant_max_age", - "ordinal": 10, - "type_info": "Int4" - }, - { - "name": "grant_acr_values", - "ordinal": 11, - "type_info": "Text" - }, - { - "name": "client_id", - "ordinal": 12, - "type_info": "Text" - }, - { - "name": "grant_code", - "ordinal": 13, - "type_info": "Text" - }, - { - "name": "grant_response_type_code", - "ordinal": 14, - "type_info": "Bool" - }, - { - "name": "grant_response_type_token", - "ordinal": 15, - "type_info": "Bool" - }, - { - "name": "grant_response_type_id_token", - "ordinal": 16, - "type_info": "Bool" - }, - { - "name": "grant_code_challenge", - "ordinal": 17, - "type_info": "Text" - }, - { - "name": "grant_code_challenge_method", - "ordinal": 18, - "type_info": "Text" - }, - { - "name": "session_id?", - "ordinal": 19, - "type_info": "Int8" - }, - { - "name": "user_session_id?", - "ordinal": 20, - "type_info": "Int8" - }, - { - "name": "user_session_created_at?", - "ordinal": 21, - "type_info": "Timestamptz" - }, - { - "name": "user_id?", - "ordinal": 22, - "type_info": "Int8" - }, - { - "name": "user_username?", - "ordinal": 23, - "type_info": "Text" - }, - { - "name": "user_session_last_authentication_id?", - "ordinal": 24, - "type_info": "Int8" - }, - { - "name": "user_session_last_authentication_created_at?", - "ordinal": 25, - "type_info": "Timestamptz" - }, - { - "name": "user_email_id?", - "ordinal": 26, - "type_info": "Int8" - 
}, - { - "name": "user_email?", - "ordinal": 27, - "type_info": "Text" - }, - { - "name": "user_email_created_at?", - "ordinal": 28, - "type_info": "Timestamptz" - }, - { - "name": "user_email_confirmed_at?", - "ordinal": 29, - "type_info": "Timestamptz" - } - ], - "nullable": [ - false, - false, - true, - true, - true, - false, - true, - false, - false, - true, - true, - true, - false, - true, - false, - false, - false, - true, - true, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - true - ], - "parameters": { - "Left": [ - "Int8" - ] - } - }, - "query": "\n SELECT\n og.id AS grant_id,\n og.created_at AS grant_created_at,\n og.cancelled_at AS grant_cancelled_at,\n og.fulfilled_at AS grant_fulfilled_at,\n og.exchanged_at AS grant_exchanged_at,\n og.scope AS grant_scope,\n og.state AS grant_state,\n og.redirect_uri AS grant_redirect_uri,\n og.response_mode AS grant_response_mode,\n og.nonce AS grant_nonce,\n og.max_age AS grant_max_age,\n og.acr_values AS grant_acr_values,\n og.client_id AS client_id,\n og.code AS grant_code,\n og.response_type_code AS grant_response_type_code,\n og.response_type_token AS grant_response_type_token,\n og.response_type_id_token AS grant_response_type_id_token,\n og.code_challenge AS grant_code_challenge,\n og.code_challenge_method AS grant_code_challenge_method,\n os.id AS \"session_id?\",\n us.id AS \"user_session_id?\",\n us.created_at AS \"user_session_created_at?\",\n u.id AS \"user_id?\",\n u.username AS \"user_username?\",\n usa.id AS \"user_session_last_authentication_id?\",\n usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n FROM\n oauth2_authorization_grants og\n LEFT JOIN oauth2_sessions os\n ON os.id = og.oauth2_session_id\n LEFT JOIN user_sessions us\n ON us.id = os.user_session_id\n LEFT JOIN users u\n 
ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE og.id = $1\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " - }, "307fd9f71e7a94a0a0d9ce523ee9792e127485d0d12480c43f179dd9b75afbab": { "describe": { "columns": [ @@ -409,45 +81,6 @@ }, "query": "\n INSERT INTO user_sessions (user_id)\n VALUES ($1)\n RETURNING id, created_at\n " }, - "38641231a3bff71252e8bc0ead3a033c9148762ea64d707642551c01a4c89b84": { - "describe": { - "columns": [ - { - "name": "id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "created_at", - "ordinal": 1, - "type_info": "Timestamptz" - } - ], - "nullable": [ - false, - false - ], - "parameters": { - "Left": [ - "Text", - "Text", - "Text", - "Text", - "Text", - "Int4", - "Text", - "Text", - "Text", - "Text", - "Bool", - "Bool", - "Bool", - "Text" - ] - } - }, - "query": "\n INSERT INTO oauth2_authorization_grants\n (client_id, redirect_uri, scope, state, nonce, max_age,\n acr_values, response_mode, code_challenge, code_challenge_method,\n response_type_code, response_type_token, response_type_id_token,\n code)\n VALUES\n ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14)\n RETURNING id, created_at\n " - }, "41b5ecd6860791ac6f90417ac51eb977b8c69a3dd81af4672b2592efb65963eb": { "describe": { "columns": [ 
@@ -572,6 +205,200 @@ }, "query": "\n UPDATE users\n SET primary_email_id = user_emails.id \n FROM user_emails\n WHERE user_emails.id = $1\n AND users.id = user_emails.user_id\n " }, + "4f0e5c9a6d345a1f1e154d61cd7bb4d67f5d20499b411a44e6d8c39b5ef75ca6": { + "describe": { + "columns": [ + { + "name": "grant_id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "grant_created_at", + "ordinal": 1, + "type_info": "Timestamptz" + }, + { + "name": "grant_cancelled_at", + "ordinal": 2, + "type_info": "Timestamptz" + }, + { + "name": "grant_fulfilled_at", + "ordinal": 3, + "type_info": "Timestamptz" + }, + { + "name": "grant_exchanged_at", + "ordinal": 4, + "type_info": "Timestamptz" + }, + { + "name": "grant_scope", + "ordinal": 5, + "type_info": "Text" + }, + { + "name": "grant_state", + "ordinal": 6, + "type_info": "Text" + }, + { + "name": "grant_redirect_uri", + "ordinal": 7, + "type_info": "Text" + }, + { + "name": "grant_response_mode", + "ordinal": 8, + "type_info": "Text" + }, + { + "name": "grant_nonce", + "ordinal": 9, + "type_info": "Text" + }, + { + "name": "grant_max_age", + "ordinal": 10, + "type_info": "Int4" + }, + { + "name": "grant_acr_values", + "ordinal": 11, + "type_info": "Text" + }, + { + "name": "oauth2_client_id", + "ordinal": 12, + "type_info": "Int8" + }, + { + "name": "grant_code", + "ordinal": 13, + "type_info": "Text" + }, + { + "name": "grant_response_type_code", + "ordinal": 14, + "type_info": "Bool" + }, + { + "name": "grant_response_type_token", + "ordinal": 15, + "type_info": "Bool" + }, + { + "name": "grant_response_type_id_token", + "ordinal": 16, + "type_info": "Bool" + }, + { + "name": "grant_code_challenge", + "ordinal": 17, + "type_info": "Text" + }, + { + "name": "grant_code_challenge_method", + "ordinal": 18, + "type_info": "Text" + }, + { + "name": "session_id?", + "ordinal": 19, + "type_info": "Int8" + }, + { + "name": "user_session_id?", + "ordinal": 20, + "type_info": "Int8" + }, + { + "name": 
"user_session_created_at?", + "ordinal": 21, + "type_info": "Timestamptz" + }, + { + "name": "user_id?", + "ordinal": 22, + "type_info": "Int8" + }, + { + "name": "user_username?", + "ordinal": 23, + "type_info": "Text" + }, + { + "name": "user_session_last_authentication_id?", + "ordinal": 24, + "type_info": "Int8" + }, + { + "name": "user_session_last_authentication_created_at?", + "ordinal": 25, + "type_info": "Timestamptz" + }, + { + "name": "user_email_id?", + "ordinal": 26, + "type_info": "Int8" + }, + { + "name": "user_email?", + "ordinal": 27, + "type_info": "Text" + }, + { + "name": "user_email_created_at?", + "ordinal": 28, + "type_info": "Timestamptz" + }, + { + "name": "user_email_confirmed_at?", + "ordinal": 29, + "type_info": "Timestamptz" + } + ], + "nullable": [ + false, + false, + true, + true, + true, + false, + true, + false, + false, + true, + true, + true, + false, + true, + false, + false, + false, + true, + true, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + true + ], + "parameters": { + "Left": [ + "Int8" + ] + } + }, + "query": "\n SELECT\n og.id AS grant_id,\n og.created_at AS grant_created_at,\n og.cancelled_at AS grant_cancelled_at,\n og.fulfilled_at AS grant_fulfilled_at,\n og.exchanged_at AS grant_exchanged_at,\n og.scope AS grant_scope,\n og.state AS grant_state,\n og.redirect_uri AS grant_redirect_uri,\n og.response_mode AS grant_response_mode,\n og.nonce AS grant_nonce,\n og.max_age AS grant_max_age,\n og.acr_values AS grant_acr_values,\n og.oauth2_client_id AS oauth2_client_id,\n og.code AS grant_code,\n og.response_type_code AS grant_response_type_code,\n og.response_type_token AS grant_response_type_token,\n og.response_type_id_token AS grant_response_type_id_token,\n og.code_challenge AS grant_code_challenge,\n og.code_challenge_method AS grant_code_challenge_method,\n os.id AS \"session_id?\",\n us.id AS \"user_session_id?\",\n us.created_at AS \"user_session_created_at?\",\n u.id 
AS \"user_id?\",\n u.username AS \"user_username?\",\n usa.id AS \"user_session_last_authentication_id?\",\n usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n FROM\n oauth2_authorization_grants og\n LEFT JOIN oauth2_sessions os\n ON os.id = og.oauth2_session_id\n LEFT JOIN user_sessions us\n ON us.id = os.user_session_id\n LEFT JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE og.id = $1\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " + }, "581243a7f0c033548cc9644e0c60855ecb8bfefe51779eb135dd7547b886de79": { "describe": { "columns": [], 
@@ -612,6 +439,140 @@ }, "query": "\n INSERT INTO oauth2_access_tokens\n (oauth2_session_id, token, expires_after)\n VALUES\n ($1, $2, $3)\n RETURNING\n id, created_at\n " }, + "5a85be31a95fb0028e9ebc465b543b8daf4a65e80a35dcf8c710068cd9633df8": { + "describe": { + "columns": [ + { + "name": "refresh_token_id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "refresh_token", + "ordinal": 1, + "type_info": "Text" + }, + { + "name": "refresh_token_created_at", + "ordinal": 2, + "type_info": "Timestamptz" + }, + { + "name": "access_token_id?", + "ordinal": 3, + "type_info": "Int8" + }, + { + "name": "access_token?", + "ordinal": 4, + "type_info": "Text" + }, + { + "name": "access_token_expires_after?", + "ordinal": 5, + "type_info": "Int4" + }, + { + "name": "access_token_created_at?", + "ordinal": 6, + "type_info": "Timestamptz" + }, + { + "name": "session_id!", + "ordinal": 7, + "type_info": "Int8" + }, + { + "name": "oauth2_client_id!", + "ordinal": 8, + "type_info": "Int8" + }, + { + "name": "scope!", + "ordinal": 9, + "type_info": "Text" + }, + { + "name": "user_session_id!", + "ordinal": 10, + "type_info": "Int8" + }, + { + "name": "user_session_created_at!", + "ordinal": 11, + "type_info": "Timestamptz" + }, + { + "name": "user_id!", + "ordinal": 12, + "type_info": "Int8" + }, + { + "name": "user_username!", + "ordinal": 13, + "type_info": "Text" + }, + { + "name": "user_session_last_authentication_id?", + "ordinal": 14, + "type_info": "Int8" + }, + { + "name": "user_session_last_authentication_created_at?", + "ordinal": 15, + "type_info": "Timestamptz" + }, + { + "name": "user_email_id?", + "ordinal": 16, + "type_info": "Int8" + }, + { + "name": "user_email?", + "ordinal": 17, + "type_info": "Text" + }, + { + "name": "user_email_created_at?", + "ordinal": 18, + "type_info": "Timestamptz" + }, + { + "name": "user_email_confirmed_at?", + "ordinal": 19, + "type_info": "Timestamptz" + } + ], + "nullable": [ + false, + false, + false, + false, + false, + 
false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + true + ], + "parameters": { + "Left": [ + "Text" + ] + } + }, + "query": "\n SELECT\n rt.id AS refresh_token_id,\n rt.token AS refresh_token,\n rt.created_at AS refresh_token_created_at,\n at.id AS \"access_token_id?\",\n at.token AS \"access_token?\",\n at.expires_after AS \"access_token_expires_after?\",\n at.created_at AS \"access_token_created_at?\",\n os.id AS \"session_id!\",\n os.oauth2_client_id AS \"oauth2_client_id!\",\n os.scope AS \"scope!\",\n us.id AS \"user_session_id!\",\n us.created_at AS \"user_session_created_at!\",\n u.id AS \"user_id!\",\n u.username AS \"user_username!\",\n usa.id AS \"user_session_last_authentication_id?\",\n usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n FROM oauth2_refresh_tokens rt\n LEFT JOIN oauth2_access_tokens at\n ON at.id = rt.oauth2_access_token_id\n INNER JOIN oauth2_sessions os\n ON os.id = rt.oauth2_session_id\n INNER JOIN user_sessions us\n ON us.id = os.user_session_id\n INNER JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE rt.token = $1\n AND rt.next_token_id IS NULL\n AND us.active\n AND os.ended_at IS NULL\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " + }, "5d1a17b2ad6153217551ae31549ad9d62cc39d2f9a4e62a7ccb60fd91e0ac685": { "describe": { "columns": [], 
@@ -1007,6 +968,33 @@ }, "query": "\n SELECT\n c.id,\n c.client_id,\n c.encrypted_client_secret,\n ARRAY(SELECT redirect_uri FROM oauth2_client_redirect_uris r WHERE r.oauth2_client_id = c.id) AS \"redirect_uris!\",\n c.response_types,\n c.grant_type_authorization_code,\n c.grant_type_refresh_token,\n c.contacts,\n c.client_name,\n c.logo_uri,\n c.client_uri,\n c.policy_uri,\n c.tos_uri,\n c.jwks_uri,\n c.jwks,\n c.id_token_signed_response_alg,\n c.userinfo_signed_response_alg,\n c.token_endpoint_auth_method,\n c.token_endpoint_auth_signing_alg,\n c.initiate_login_uri\n FROM oauth2_clients c\n\n WHERE c.id = $1\n " }, + "79c5cb47e7074be1f8d4684ab175ab8c3972b2a83f0abd2a47141fbd23793175": { + "describe": { + "columns": [ + { + "name": "id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "created_at", + "ordinal": 1, + "type_info": "Timestamptz" + } + ], + "nullable": [ + false, + false + ], + "parameters": { + "Left": [ + "Int8", + "Int8" + ] + } + }, + "query": "\n INSERT INTO oauth2_sessions\n (user_session_id, oauth2_client_id, scope)\n SELECT\n $1,\n og.oauth2_client_id,\n og.scope\n FROM\n oauth2_authorization_grants og\n WHERE\n og.id = $2\n RETURNING id, created_at\n " + }, "7de9cfa6e90ba20f5b298ea387cf13a7e40d0f5b3eb903a80d06fbe33074d596": { "describe": { "columns": [ 
@@ -1039,6 +1027,200 @@ }, "query": "\n DELETE FROM oauth2_access_tokens\n WHERE id = $1\n " }, + "99270fd3ddcc7421c5b26d0b8e0116356c13166887e7cf6ed6352cc879c80a68": { + "describe": { + "columns": [ + { + "name": "grant_id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "grant_created_at", + "ordinal": 1, + "type_info": "Timestamptz" + }, + { + "name": "grant_cancelled_at", + "ordinal": 2, + "type_info": "Timestamptz" + }, + { + "name": "grant_fulfilled_at", + "ordinal": 3, + "type_info": "Timestamptz" + }, + { + "name": "grant_exchanged_at", + "ordinal": 4, + "type_info": "Timestamptz" + }, + { + "name": "grant_scope", + "ordinal": 5, + "type_info": "Text" + }, + { + "name": "grant_state", + "ordinal": 6, + "type_info": "Text" + }, + { + "name": "grant_redirect_uri", + "ordinal": 7, + "type_info": "Text" + }, + { + "name": "grant_response_mode", + "ordinal": 8, + "type_info": "Text" + }, + { + "name": "grant_nonce", + "ordinal": 9, + "type_info": "Text" + }, + { + "name": "grant_max_age", + "ordinal": 10, + "type_info": "Int4" + }, + { + "name": "grant_acr_values", + "ordinal": 11, + "type_info": "Text" + }, + { + "name": "oauth2_client_id", + "ordinal": 12, + "type_info": "Int8" + }, + { + "name": "grant_code", + "ordinal": 13, + "type_info": "Text" + }, + { + "name": "grant_response_type_code", + "ordinal": 14, + "type_info": "Bool" + }, + { + "name": "grant_response_type_token", + "ordinal": 15, + "type_info": "Bool" + }, + { + "name": "grant_response_type_id_token", + "ordinal": 16, + "type_info": "Bool" + }, + { + "name": "grant_code_challenge", + "ordinal": 17, + "type_info": "Text" + }, + { + "name": "grant_code_challenge_method", + "ordinal": 18, + "type_info": "Text" + }, + { + "name": "session_id?", + "ordinal": 19, + "type_info": "Int8" + }, + { + "name": "user_session_id?", + "ordinal": 20, + "type_info": "Int8" + }, + { + "name": "user_session_created_at?", + "ordinal": 21, + "type_info": "Timestamptz" + }, + { + "name": "user_id?", + 
"ordinal": 22, + "type_info": "Int8" + }, + { + "name": "user_username?", + "ordinal": 23, + "type_info": "Text" + }, + { + "name": "user_session_last_authentication_id?", + "ordinal": 24, + "type_info": "Int8" + }, + { + "name": "user_session_last_authentication_created_at?", + "ordinal": 25, + "type_info": "Timestamptz" + }, + { + "name": "user_email_id?", + "ordinal": 26, + "type_info": "Int8" + }, + { + "name": "user_email?", + "ordinal": 27, + "type_info": "Text" + }, + { + "name": "user_email_created_at?", + "ordinal": 28, + "type_info": "Timestamptz" + }, + { + "name": "user_email_confirmed_at?", + "ordinal": 29, + "type_info": "Timestamptz" + } + ], + "nullable": [ + false, + false, + true, + true, + true, + false, + true, + false, + false, + true, + true, + true, + false, + true, + false, + false, + false, + true, + true, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + true + ], + "parameters": { + "Left": [ + "Text" + ] + } + }, + "query": "\n SELECT\n og.id AS grant_id,\n og.created_at AS grant_created_at,\n og.cancelled_at AS grant_cancelled_at,\n og.fulfilled_at AS grant_fulfilled_at,\n og.exchanged_at AS grant_exchanged_at,\n og.scope AS grant_scope,\n og.state AS grant_state,\n og.redirect_uri AS grant_redirect_uri,\n og.response_mode AS grant_response_mode,\n og.nonce AS grant_nonce,\n og.max_age AS grant_max_age,\n og.acr_values AS grant_acr_values,\n og.oauth2_client_id AS oauth2_client_id,\n og.code AS grant_code,\n og.response_type_code AS grant_response_type_code,\n og.response_type_token AS grant_response_type_token,\n og.response_type_id_token AS grant_response_type_id_token,\n og.code_challenge AS grant_code_challenge,\n og.code_challenge_method AS grant_code_challenge_method,\n os.id AS \"session_id?\",\n us.id AS \"user_session_id?\",\n us.created_at AS \"user_session_created_at?\",\n u.id AS \"user_id?\",\n u.username AS \"user_username?\",\n usa.id AS \"user_session_last_authentication_id?\",\n 
usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n FROM\n oauth2_authorization_grants og\n LEFT JOIN oauth2_sessions os\n ON os.id = og.oauth2_session_id\n LEFT JOIN user_sessions us\n ON us.id = os.user_session_id\n LEFT JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE og.code = $1\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " + }, "99a1504e3cf80fb4eaad40e8593ac722ba1da7ee29ae674fa9ffe37dffa8b361": { "describe": { "columns": [], @@ -1064,16 +1246,6 @@ }, "query": "UPDATE user_sessions SET active = FALSE WHERE id = $1" }, - "a2bb4dcf950385e843068c7b77db08118ec892d0d24d05da6ac9263101c340b6": { - "describe": { - "columns": [], - "nullable": [], - "parameters": { - "Left": [] - } - }, - "query": "TRUNCATE oauth2_client_redirect_uris, oauth2_clients" - }, "a80c14ba82cfc29493048d9e9578ec5ca482c9228efc7c7212dae4fed86b8367": { "describe": { "columns": [], 
@@ -1087,6 +1259,45 @@ }, "query": "\n INSERT INTO oauth2_client_redirect_uris (oauth2_client_id, redirect_uri)\n SELECT $1, uri FROM UNNEST($2::text[]) uri\n " }, + "aadf15f5f4396c9f571419784ef776827ec44e2b3b1b11c2934276c66f96f7d9": { + "describe": { + "columns": [ + { + "name": "id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "created_at", + "ordinal": 1, + "type_info": "Timestamptz" + } + ], + "nullable": [ + false, + false + ], + "parameters": { + "Left": [ + "Int8", + "Text", + "Text", + "Text", + "Text", + "Int4", + "Text", + "Text", + "Text", + "Text", + "Bool", + "Bool", + "Bool", + "Text" + ] + } + }, + "query": "\n INSERT INTO oauth2_authorization_grants\n (oauth2_client_id, redirect_uri, scope, state, nonce, max_age,\n acr_values, response_mode, code_challenge, code_challenge_method,\n response_type_code, response_type_token, response_type_id_token,\n code)\n VALUES\n ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14)\n RETURNING id, created_at\n " + }, "aea289a04e151da235825305a5085bc6aa100fce139dbf10a2c1bed4867fc52a": { "describe": { "columns": [ 
@@ -1259,33 +1470,6 @@ }, "query": "\n SELECT\n ev.id AS \"verification_id\",\n (ev.created_at + $2 < NOW()) AS \"verification_expired!\",\n ev.created_at AS \"verification_created_at\",\n ev.consumed_at AS \"verification_consumed_at\",\n ue.id AS \"user_email_id\",\n ue.email AS \"user_email\",\n ue.created_at AS \"user_email_created_at\",\n ue.confirmed_at AS \"user_email_confirmed_at\"\n FROM user_email_verifications ev\n INNER JOIN user_emails ue\n ON ue.id = ev.user_email_id\n WHERE ev.code = $1\n " }, - "c29e741474aacc91c0aacc028a9e7452a5327d5ce6d4b791bf20a2636069087e": { - "describe": { - "columns": [ - { - "name": "id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "created_at", - "ordinal": 1, - "type_info": "Timestamptz" - } - ], - "nullable": [ - false, - false - ], - "parameters": { - "Left": [ - "Int8", - "Int8" - ] - } - }, - "query": "\n INSERT INTO oauth2_sessions\n (user_session_id, client_id, scope)\n SELECT\n $1,\n og.client_id,\n og.scope\n FROM\n oauth2_authorization_grants og\n WHERE\n og.id = $2\n RETURNING id, created_at\n " - }, "c2c402cfe0adcafa615f14a499caba4c96ca71d9ffb163e1feb05e5d85f3462c": { "describe": { "columns": [], 
@@ -1299,122 +1483,6 @@ }, "query": "\n UPDATE oauth2_refresh_tokens\n SET next_token_id = $2\n WHERE id = $1\n " }, - "cf1b7513a56d20e405bf11f806adea2853a08ee05497c952bb3ee1dadc866d4b": { - "describe": { - "columns": [ - { - "name": "access_token_id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "access_token", - "ordinal": 1, - "type_info": "Text" - }, - { - "name": "access_token_expires_after", - "ordinal": 2, - "type_info": "Int4" - }, - { - "name": "access_token_created_at", - "ordinal": 3, - "type_info": "Timestamptz" - }, - { - "name": "session_id!", - "ordinal": 4, - "type_info": "Int8" - }, - { - "name": "client_id!", - "ordinal": 5, - "type_info": "Text" - }, - { - "name": "scope!", - "ordinal": 6, - "type_info": "Text" - }, - { - "name": "user_session_id!", - "ordinal": 7, - "type_info": "Int8" - }, - { - "name": "user_session_created_at!", - "ordinal": 8, - "type_info": "Timestamptz" - }, - { - "name": "user_id!", - "ordinal": 9, - "type_info": "Int8" - }, - { - "name": "user_username!", - "ordinal": 10, - "type_info": "Text" - }, - { - "name": "user_session_last_authentication_id?", - "ordinal": 11, - "type_info": "Int8" - }, - { - "name": "user_session_last_authentication_created_at?", - "ordinal": 12, - "type_info": "Timestamptz" - }, - { - "name": "user_email_id?", - "ordinal": 13, - "type_info": "Int8" - }, - { - "name": "user_email?", - "ordinal": 14, - "type_info": "Text" - }, - { - "name": "user_email_created_at?", - "ordinal": 15, - "type_info": "Timestamptz" - }, - { - "name": "user_email_confirmed_at?", - "ordinal": 16, - "type_info": "Timestamptz" - } - ], - "nullable": [ - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - true - ], - "parameters": { - "Left": [ - "Text" - ] - } - }, - "query": "\n SELECT\n at.id AS \"access_token_id\",\n at.token AS \"access_token\",\n at.expires_after AS \"access_token_expires_after\",\n at.created_at 
AS \"access_token_created_at\",\n os.id AS \"session_id!\",\n os.client_id AS \"client_id!\",\n os.scope AS \"scope!\",\n us.id AS \"user_session_id!\",\n us.created_at AS \"user_session_created_at!\",\n u.id AS \"user_id!\",\n u.username AS \"user_username!\",\n usa.id AS \"user_session_last_authentication_id?\",\n usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n\n FROM oauth2_access_tokens at\n INNER JOIN oauth2_sessions os\n ON os.id = at.oauth2_session_id\n INNER JOIN user_sessions us\n ON us.id = os.user_session_id\n INNER JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE at.token = $1\n AND at.created_at + (at.expires_after * INTERVAL '1 second') >= now()\n AND us.active\n AND os.ended_at IS NULL\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " - }, "d2f767218ec2489058db9a0382ca0eea20379c30aeae9f492da4ba35b66f4dc7": { "describe": { "columns": [], 
@@ -1427,200 +1495,6 @@ }, "query": "\n DELETE FROM user_emails\n WHERE user_emails.id = $1\n " }, - "d3883020ad9a0e5ea72fb9ddd2801a067209488a6ef3179afbc8173e4cc729de": { - "describe": { - "columns": [ - { - "name": "grant_id", - "ordinal": 0, - "type_info": "Int8" - }, - { - "name": "grant_created_at", - "ordinal": 1, - "type_info": "Timestamptz" - }, - { - "name": "grant_cancelled_at", - "ordinal": 2, - "type_info": "Timestamptz" - }, - { - "name": "grant_fulfilled_at", - "ordinal": 3, - "type_info": "Timestamptz" - }, - { - "name": "grant_exchanged_at", - "ordinal": 4, - "type_info": "Timestamptz" - }, - { - "name": "grant_scope", - "ordinal": 5, - "type_info": "Text" - }, - { - "name": "grant_state", - "ordinal": 6, - "type_info": "Text" - }, - { - "name": "grant_redirect_uri", - "ordinal": 7, - "type_info": "Text" - }, - { - "name": "grant_response_mode", - "ordinal": 8, - "type_info": "Text" - }, - { - "name": "grant_nonce", - "ordinal": 9, - "type_info": "Text" - }, - { - "name": "grant_max_age", - "ordinal": 10, - "type_info": "Int4" - }, - { - "name": "grant_acr_values", - "ordinal": 11, - "type_info": "Text" - }, - { - "name": "client_id", - "ordinal": 12, - "type_info": "Text" - }, - { - "name": "grant_code", - "ordinal": 13, - "type_info": "Text" - }, - { - "name": "grant_response_type_code", - "ordinal": 14, - "type_info": "Bool" - }, - { - "name": "grant_response_type_token", - "ordinal": 15, - "type_info": "Bool" - }, - { - "name": "grant_response_type_id_token", - "ordinal": 16, - "type_info": "Bool" - }, - { - "name": "grant_code_challenge", - "ordinal": 17, - "type_info": "Text" - }, - { - "name": "grant_code_challenge_method", - "ordinal": 18, - "type_info": "Text" - }, - { - "name": "session_id?", - "ordinal": 19, - "type_info": "Int8" - }, - { - "name": "user_session_id?", - "ordinal": 20, - "type_info": "Int8" - }, - { - "name": "user_session_created_at?", - "ordinal": 21, - "type_info": "Timestamptz" - }, - { - "name": "user_id?", - 
"ordinal": 22, - "type_info": "Int8" - }, - { - "name": "user_username?", - "ordinal": 23, - "type_info": "Text" - }, - { - "name": "user_session_last_authentication_id?", - "ordinal": 24, - "type_info": "Int8" - }, - { - "name": "user_session_last_authentication_created_at?", - "ordinal": 25, - "type_info": "Timestamptz" - }, - { - "name": "user_email_id?", - "ordinal": 26, - "type_info": "Int8" - }, - { - "name": "user_email?", - "ordinal": 27, - "type_info": "Text" - }, - { - "name": "user_email_created_at?", - "ordinal": 28, - "type_info": "Timestamptz" - }, - { - "name": "user_email_confirmed_at?", - "ordinal": 29, - "type_info": "Timestamptz" - } - ], - "nullable": [ - false, - false, - true, - true, - true, - false, - true, - false, - false, - true, - true, - true, - false, - true, - false, - false, - false, - true, - true, - false, - false, - false, - false, - false, - false, - false, - false, - false, - false, - true - ], - "parameters": { - "Left": [ - "Text" - ] - } - }, - "query": "\n SELECT\n og.id AS grant_id,\n og.created_at AS grant_created_at,\n og.cancelled_at AS grant_cancelled_at,\n og.fulfilled_at AS grant_fulfilled_at,\n og.exchanged_at AS grant_exchanged_at,\n og.scope AS grant_scope,\n og.state AS grant_state,\n og.redirect_uri AS grant_redirect_uri,\n og.response_mode AS grant_response_mode,\n og.nonce AS grant_nonce,\n og.max_age AS grant_max_age,\n og.acr_values AS grant_acr_values,\n og.client_id AS client_id,\n og.code AS grant_code,\n og.response_type_code AS grant_response_type_code,\n og.response_type_token AS grant_response_type_token,\n og.response_type_id_token AS grant_response_type_id_token,\n og.code_challenge AS grant_code_challenge,\n og.code_challenge_method AS grant_code_challenge_method,\n os.id AS \"session_id?\",\n us.id AS \"user_session_id?\",\n us.created_at AS \"user_session_created_at?\",\n u.id AS \"user_id?\",\n u.username AS \"user_username?\",\n usa.id AS \"user_session_last_authentication_id?\",\n 
usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n FROM\n oauth2_authorization_grants og\n LEFT JOIN oauth2_sessions os\n ON os.id = og.oauth2_session_id\n LEFT JOIN user_sessions us\n ON us.id = os.user_session_id\n LEFT JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE og.code = $1\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " - }, "d604e13bdfb2ff3d354d995f0b68f04091847755db98bafea7c45bd7b5c4ab68": { "describe": { "columns": [ 
@@ -1739,6 +1613,122 @@ }, "query": "\n INSERT INTO users (username)\n VALUES ($1)\n RETURNING id\n " }, + "df38de13e2f345175f9ef46b4ae2a4f6637dbf74bb28559da8f4d8969f411d14": { + "describe": { + "columns": [ + { + "name": "access_token_id", + "ordinal": 0, + "type_info": "Int8" + }, + { + "name": "access_token", + "ordinal": 1, + "type_info": "Text" + }, + { + "name": "access_token_expires_after", + "ordinal": 2, + "type_info": "Int4" + }, + { + "name": "access_token_created_at", + "ordinal": 3, + "type_info": "Timestamptz" + }, + { + "name": "session_id!", + "ordinal": 4, + "type_info": "Int8" + }, + { + "name": "oauth2_client_id!", + "ordinal": 5, + "type_info": "Int8" + }, + { + "name": "scope!", + "ordinal": 6, + "type_info": "Text" + }, + { + "name": "user_session_id!", + "ordinal": 7, + "type_info": "Int8" + }, + { + "name": "user_session_created_at!", + "ordinal": 8, + "type_info": "Timestamptz" + }, + { + "name": "user_id!", + "ordinal": 9, + "type_info": "Int8" + }, + { + "name": "user_username!", + "ordinal": 10, + "type_info": "Text" + }, + { + "name": "user_session_last_authentication_id?", + "ordinal": 11, + "type_info": "Int8" + }, + { + "name": "user_session_last_authentication_created_at?", + "ordinal": 12, + "type_info": "Timestamptz" + }, + { + "name": "user_email_id?", + "ordinal": 13, + "type_info": "Int8" + }, + { + "name": "user_email?", + "ordinal": 14, + "type_info": "Text" + }, + { + "name": "user_email_created_at?", + "ordinal": 15, + "type_info": "Timestamptz" + }, + { + "name": "user_email_confirmed_at?", + "ordinal": 16, + "type_info": "Timestamptz" + } + ], + "nullable": [ + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + false, + true + ], + "parameters": { + "Left": [ + "Text" + ] + } + }, + "query": "\n SELECT\n at.id AS \"access_token_id\",\n at.token AS \"access_token\",\n at.expires_after AS \"access_token_expires_after\",\n at.created_at AS 
\"access_token_created_at\",\n os.id AS \"session_id!\",\n os.oauth2_client_id AS \"oauth2_client_id!\",\n os.scope AS \"scope!\",\n us.id AS \"user_session_id!\",\n us.created_at AS \"user_session_created_at!\",\n u.id AS \"user_id!\",\n u.username AS \"user_username!\",\n usa.id AS \"user_session_last_authentication_id?\",\n usa.created_at AS \"user_session_last_authentication_created_at?\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n\n FROM oauth2_access_tokens at\n INNER JOIN oauth2_sessions os\n ON os.id = at.oauth2_session_id\n INNER JOIN user_sessions us\n ON us.id = os.user_session_id\n INNER JOIN users u\n ON u.id = us.user_id\n LEFT JOIN user_session_authentications usa\n ON usa.session_id = us.id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE at.token = $1\n AND at.created_at + (at.expires_after * INTERVAL '1 second') >= now()\n AND us.active\n AND os.ended_at IS NULL\n\n ORDER BY usa.created_at DESC\n LIMIT 1\n " + }, "e5cd99bdaf9c678fc659431fecc5d76b25bb08b781fd17e50eda82ea3aa8cea8": { "describe": { "columns": [ @@ -1758,5 +1748,15 @@ } }, "query": "\n SELECT COUNT(*) as \"count!\"\n FROM user_sessions s\n WHERE s.user_id = $1 AND s.active\n " + }, + "ebf73a609e81830b16700d2c315fffa93fd85b2886e29f234d9953b18a9f72b5": { + "describe": { + "columns": [], + "nullable": [], + "parameters": { + "Left": [] + } + }, + "query": "TRUNCATE oauth2_client_redirect_uris, oauth2_clients RESTART IDENTITY CASCADE" } } \ No newline at end of file diff --git a/crates/storage/src/oauth2/access_token.rs b/crates/storage/src/oauth2/access_token.rs index 109c0a08..56cbc8a9 100644 --- a/crates/storage/src/oauth2/access_token.rs +++ b/crates/storage/src/oauth2/access_token.rs 
@@ -18,7 +18,7 @@ use mas_data_model::{AccessToken, Authentication, BrowserSession, Session, User, use sqlx::{Acquire, PgExecutor, Postgres}; use thiserror::Error; -use super::client::{lookup_client_by_client_id, ClientFetchError}; +use super::client::{lookup_client, ClientFetchError}; use crate::{DatabaseInconsistencyError, IdAndCreationTime, PostgresqlBackend}; pub async fn add_access_token( @@ -64,7 +64,7 @@ pub struct OAuth2AccessTokenLookup { access_token_expires_after: i32, access_token_created_at: DateTime, session_id: i64, - client_id: String, + oauth2_client_id: i64, scope: String, user_session_id: i64, user_session_created_at: DateTime, @@ -119,7 +119,7 @@ where at.expires_after AS "access_token_expires_after", at.created_at AS "access_token_created_at", os.id AS "session_id!", - os.client_id AS "client_id!", + os.oauth2_client_id AS "oauth2_client_id!", os.scope AS "scope!", us.id AS "user_session_id!", us.created_at AS "user_session_created_at!", @@ -165,7 +165,7 @@ where expires_after: Duration::seconds(res.access_token_expires_after.into()), }; - let client = lookup_client_by_client_id(&mut *conn, &res.client_id).await?; + let client = lookup_client(&mut *conn, res.oauth2_client_id).await?; let primary_email = match ( res.user_email_id, diff --git a/crates/storage/src/oauth2/authorization_grant.rs b/crates/storage/src/oauth2/authorization_grant.rs index 94dbc36b..3c35fee8 100644 --- a/crates/storage/src/oauth2/authorization_grant.rs +++ b/crates/storage/src/oauth2/authorization_grant.rs @@ -27,7 +27,7 @@ use oauth2_types::{requests::ResponseMode, scope::Scope}; use sqlx::{PgConnection, PgExecutor}; use url::Url; -use super::client::lookup_client_by_client_id; +use super::client::{lookup_client}; use crate::{DatabaseInconsistencyError, IdAndCreationTime, PostgresqlBackend}; #[allow(clippy::too_many_arguments)] 
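Review bot: The import added in authorization_grant.rs (hunk at -27,7) is written `use super::client::{lookup_client};`, with braces around a single item. The braces are redundant and rustfmt would remove them, so the line will show up as a formatting diff on the next run. Write it as `use super::client::lookup_client;`, in the same unbraced form as the line it replaces.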
@@ -58,7 +58,7 @@ pub async fn new_authorization_grant( IdAndCreationTime, r#" INSERT INTO oauth2_authorization_grants - (client_id, redirect_uri, scope, state, nonce, max_age, + (oauth2_client_id, redirect_uri, scope, state, nonce, max_age, acr_values, response_mode, code_challenge, code_challenge_method, response_type_code, response_type_token, response_type_id_token, code) @@ -66,7 +66,7 @@ pub async fn new_authorization_grant( ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14) RETURNING id, created_at "#, - &client.client_id, + &client.data, redirect_uri.to_string(), scope.to_string(), state, @@ -123,7 +123,7 @@ struct GrantLookup { grant_code: Option, grant_code_challenge: Option, grant_code_challenge_method: Option, - client_id: String, + oauth2_client_id: i64, session_id: Option, user_session_id: Option, user_session_created_at: Option>, @@ -149,7 +149,7 @@ impl GrantLookup { .map_err(|_e| DatabaseInconsistencyError)?; // TODO: don't unwrap - let client = lookup_client_by_client_id(executor, &self.client_id) + let client = lookup_client(executor, self.oauth2_client_id) .await .unwrap(); @@ -340,7 +340,7 @@ pub async fn get_grant_by_id( og.nonce AS grant_nonce, og.max_age AS grant_max_age, og.acr_values AS grant_acr_values, - og.client_id AS client_id, + og.oauth2_client_id AS oauth2_client_id, og.code AS grant_code, og.response_type_code AS grant_response_type_code, og.response_type_token AS grant_response_type_token, @@ -408,7 +408,7 @@ pub async fn lookup_grant_by_code( og.nonce AS grant_nonce, og.max_age AS grant_max_age, og.acr_values AS grant_acr_values, - og.client_id AS client_id, + og.oauth2_client_id AS oauth2_client_id, og.code AS grant_code, og.response_type_code AS grant_response_type_code, og.response_type_token AS grant_response_type_token, 
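Review bot: The client lookup in the `impl GrantLookup` hunk (-149,7) still ends in `.await.unwrap()`, so any failure of `lookup_client` panics the task instead of returning an error to the caller; the existing TODO flags this, but the commit rewrites the line and keeps it. With `oauth2_client_id` now a foreign key, a missing client row should no longer be the cause, which leaves database or connection errors as the likely failure, and those should propagate. The statement just above already uses `.map_err(|_e| DatabaseInconsistencyError)?`, so the same shape probably fits here: `let client = lookup_client(executor, self.oauth2_client_id).await.map_err(|_e| DatabaseInconsistencyError)?;`. The enclosing method starts and ends outside the hunk, so its error type needs to be confirmed before applying this.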
@@ -464,10 +464,10 @@ pub async fn derive_session( IdAndCreationTime, r#" INSERT INTO oauth2_sessions - (user_session_id, client_id, scope) + (user_session_id, oauth2_client_id, scope) SELECT $1, - og.client_id, + og.oauth2_client_id, og.scope FROM oauth2_authorization_grants og diff --git a/crates/storage/src/oauth2/client.rs b/crates/storage/src/oauth2/client.rs index ede88845..f46dcbd7 100644 --- a/crates/storage/src/oauth2/client.rs +++ b/crates/storage/src/oauth2/client.rs @@ -486,7 +486,7 @@ pub async fn insert_client_from_config( } pub async fn truncate_clients(executor: impl PgExecutor<'_>) -> anyhow::Result<()> { - sqlx::query!("TRUNCATE oauth2_client_redirect_uris, oauth2_clients") + sqlx::query!("TRUNCATE oauth2_client_redirect_uris, oauth2_clients RESTART IDENTITY CASCADE") .execute(executor) .await?; Ok(()) diff --git a/crates/storage/src/oauth2/refresh_token.rs b/crates/storage/src/oauth2/refresh_token.rs index 98a870c1..aae65257 100644 --- a/crates/storage/src/oauth2/refresh_token.rs +++ b/crates/storage/src/oauth2/refresh_token.rs @@ -20,7 +20,7 @@ use mas_data_model::{ use sqlx::{PgConnection, PgExecutor}; use thiserror::Error; -use super::client::{lookup_client_by_client_id, ClientFetchError}; +use super::client::{lookup_client, ClientFetchError}; use crate::{DatabaseInconsistencyError, IdAndCreationTime, PostgresqlBackend}; pub async fn add_refresh_token( @@ -64,7 +64,7 @@ struct OAuth2RefreshTokenLookup { access_token_expires_after: Option, access_token_created_at: Option>, session_id: i64, - client_id: String, + oauth2_client_id: i64, scope: String, user_session_id: i64, user_session_created_at: DateTime, 
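Review bot: `truncate_clients` (client.rs hunk at -486,7) now runs `TRUNCATE ... RESTART IDENTITY CASCADE`. With the foreign key this commit introduces, CASCADE will presumably also empty `oauth2_sessions` and `oauth2_authorization_grants`, plus any table that references those, and nothing in the function name or signature says so. If this runs whenever clients are reloaded from configuration, as the neighbouring `insert_client_from_config` suggests, each reload discards every issued grant and session. At minimum, document it on the function, for example `/// Removes all clients and, through CASCADE, every grant and session that references them.` Longer term, an upsert keyed on the client identifier would avoid wiping the tables.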
@@ -111,7 +111,7 @@ pub async fn lookup_active_refresh_token( at.expires_after AS "access_token_expires_after?", at.created_at AS "access_token_created_at?", os.id AS "session_id!", - os.client_id AS "client_id!", + os.oauth2_client_id AS "oauth2_client_id!", os.scope AS "scope!", us.id AS "user_session_id!", us.created_at AS "user_session_created_at!", @@ -174,7 +174,7 @@ pub async fn lookup_active_refresh_token( access_token, }; - let client = lookup_client_by_client_id(&mut *conn, &res.client_id).await?; + let client = lookup_client(&mut *conn, res.oauth2_client_id).await?; let primary_email = match ( res.user_email_id, diff --git a/crates/templates/src/res/pages/login.html b/crates/templates/src/res/pages/login.html index d5fbc4d4..11e3e9ba 100644 --- a/crates/templates/src/res/pages/login.html +++ b/crates/templates/src/res/pages/login.html @@ -35,7 +35,7 @@ limitations under the License.

Log in

{% if next and next.kind == "continue_authorization_grant" %} -

to continue to {{ next.grant.client.client_id }}

+

to continue to {{ next.grant.client.client_name | default(value=next.grand.client.client_id) }}

{% else %}

Use your existing account

{% endif %} diff --git a/crates/templates/src/res/pages/reauth.html b/crates/templates/src/res/pages/reauth.html index cd3d448b..4d1dc2a5 100644 --- a/crates/templates/src/res/pages/reauth.html +++ b/crates/templates/src/res/pages/reauth.html @@ -33,7 +33,7 @@ limitations under the License.
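Review bot: The fallback in the added line reads `next.grand.client.client_id`, with `grand` where the rest of the template uses `next.grant`; the same typo is in the reauth.html and register.html hunks. The fallback therefore refers to a variable that does not exist, so rendering may fail or show an empty name, depending on how the template engine treats undefined values. The line should be `{{ next.grant.client.client_name | default(value=next.grant.client.client_id) }}` in all three templates. Since `client_name` is presumably supplied at client registration, consider also showing the client_id or the redirect host next to it, so that a misleading name is easier to spot on the login prompt.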

Confim access

{% if next and next.kind == "continue_authorization_grant" %} -

to continue to {{ next.grant.client.client_id }}

+

to continue to {{ next.grant.client.client_name | default(value=next.grand.client.client_id) }}

{% endif %}
diff --git a/crates/templates/src/res/pages/register.html b/crates/templates/src/res/pages/register.html index d5998766..67e01357 100644 --- a/crates/templates/src/res/pages/register.html +++ b/crates/templates/src/res/pages/register.html @@ -35,7 +35,7 @@ limitations under the License.

Create your account

{% if next and next.kind == "continue_authorization_grant" %} -

to continue to {{ next.grant.client.client_id }}

+

to continue to {{ next.grant.client.client_name | default(value=next.grand.client.client_id) }}

{% endif %}