From 3a985d376bc93b3adc1ff3e0f11eec318657f889 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Mon, 19 Nov 2018 12:28:30 +0100 Subject: [PATCH] sql: Resolve index/fk regression issues Closes #1177 Signed-off-by: aeneasr --- .circleci/config.yml | 85 ++++++++- UPGRADE.md | 150 ++++++++++++---- client/migrations/sql/mysql/.gitattributes | 1 - client/migrations/sql/mysql/.gitkeep | 0 client/migrations/sql/postgres/.gitattributes | 1 - client/migrations/sql/postgres/.gitkeep | 0 client/sql_migration_files.go | 166 ++++-------------- consent/migrations/sql/mysql/7.sql | 62 +++++-- consent/migrations/sql/postgres/7.sql | 58 ++++-- consent/sql_migration_files.go | 24 +-- jwk/sql_migration_files.go | 2 +- oauth2/fosite_store_helpers_test.go | 20 +++ oauth2/fosite_store_sql.go | 42 +++-- oauth2/fosite_store_test.go | 1 + oauth2/migrations/sql/mysql/8.sql | 82 ++++++--- oauth2/migrations/sql/postgres/7.sql | 1 - oauth2/migrations/sql/postgres/8.sql | 93 +++++++--- oauth2/sql_migration_files.go | 30 ++-- scripts/test-e2e-jwt.sh | 3 +- scripts/test-e2e-opaque.sh | 3 +- 20 files changed, 529 insertions(+), 295 deletions(-) delete mode 100644 client/migrations/sql/mysql/.gitattributes delete mode 100644 client/migrations/sql/mysql/.gitkeep delete mode 100644 client/migrations/sql/postgres/.gitattributes delete mode 100644 client/migrations/sql/postgres/.gitkeep diff --git a/.circleci/config.yml b/.circleci/config.yml index 6021e9e16db..b8b5cf5ed02 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -56,11 +56,76 @@ jobs: - run: go install github.com/ory/hydra/test/mock-lcp - run: go-acc -o coverage.txt ./... -- -failfast -v -timeout=20m - run: go test -race -short $(go list ./... | grep -v cmd) - - run: ./scripts/test-e2e-jwt.sh - - run: ./scripts/test-e2e-opaque.sh - - run: ./scripts/test-e2e-plugin.sh - run: test -z "$CIRCLE_PR_NUMBER" && goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN || echo "forks are not allowed to push to coveralls" + test-e2e-opaque: + docker: + - image: circleci/golang:1.11 + environment: + - DATABASE_URL_POSTGRES=postgres://test:test@localhost:5432/hydra?sslmode=disable + - DATABASE_URL_MYSQL=mysql://root:test@(localhost:3306)/mysql?parseTime=true + - image: postgres:9.5 + environment: + - POSTGRES_USER=test + - POSTGRES_PASSWORD=test + - POSTGRES_DB=hydra + - image: mysql:5.7 + environment: + - MYSQL_ROOT_PASSWORD=test + working_directory: /go/src/github.com/ory/hydra + steps: + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV + - checkout + - run: go mod verify + - run: go get -u github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc + - run: go install github.com/ory/hydra + - run: go install github.com/ory/hydra/test/mock-lcp + - run: hydra migrate sql $DATABASE_URL_POSTGRES + - run: hydra migrate sql $DATABASE_URL_MYSQL + - run: DATABASE_URL=$DATABASE_URL_POSTGRES ./scripts/test-e2e-opaque.sh + - run: DATABASE_URL=$DATABASE_URL_MYSQL ./scripts/test-e2e-opaque.sh + - run: DATABASE_URL=memory ./scripts/test-e2e-opaque.sh + - run: DATABASE_URL=memory ./scripts/test-e2e-opaque.sh + - run: ./scripts/test-e2e-plugin.sh + + test-e2e-jwt: + docker: + - image: circleci/golang:1.11 + environment: + - DATABASE_URL_POSTGRES=postgres://test:test@localhost:5432/hydra?sslmode=disable + - DATABASE_URL_MYSQL=mysql://root:test@(localhost:3306)/mysql?parseTime=true + - image: postgres:9.5 + environment: + - POSTGRES_USER=test + - POSTGRES_PASSWORD=test + - POSTGRES_DB=hydra + - image: mysql:5.7 + environment: + - MYSQL_ROOT_PASSWORD=test + working_directory: /go/src/github.com/ory/hydra + steps: + - run: + name: Enable go1.11 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + source $BASH_ENV + - checkout + - run: go mod verify + - run: go get -u github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc + - run: go install github.com/ory/hydra + - run: go install github.com/ory/hydra/test/mock-lcp + - run: hydra migrate sql $DATABASE_URL_POSTGRES + - run: hydra migrate sql $DATABASE_URL_MYSQL + - run: DATABASE_URL=$DATABASE_URL_POSTGRES ./scripts/test-e2e-jwt.sh + - run: DATABASE_URL=$DATABASE_URL_MYSQL ./scripts/test-e2e-jwt.sh + - run: DATABASE_URL=memory ./scripts/test-e2e-opaque.sh + - run: DATABASE_URL=memory ./scripts/test-e2e-opaque.sh + - run: ./scripts/test-e2e-plugin.sh + # This test is really useless because there are always changes (usually timestamps in the generated code) # generators: # docker: @@ -208,6 +273,18 @@ workflows: filters: tags: only: /.*/ + - test-e2e-opaque: + requires: + - test + filters: + tags: + only: /.*/ + - test-e2e-jwt: + requires: + - test + filters: + tags: + only: /.*/ - release-docs: filters: branches: @@ -228,6 +305,8 @@ workflows: - test # - generators - format + - test-e2e-opaque + - test-e2e-jwt filters: tags: only: /.*/ diff --git a/UPGRADE.md b/UPGRADE.md index bd6e726895d..37ca81fd119 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -128,6 +128,9 @@ Please read all paragraphs of this section with the utmost care, before executin not take this change lightly and create a backup of the database before you begin. To be sure, copy the database and do a dry-run locally. +> Be aware that running these migrations might take some time when using large databases. Do a dry-run before hammering +your production database. + #### Foreign Keys In order to keep data consistent across tables, several foreign key constraints have been added between consent, oauth2, client tables. @@ -143,28 +146,82 @@ This migration automatically removes inconsistent OAuth 2.0 and OpenID Connect d 2. Existing pkce and OpenID Connect session might be invalidated. As OAuth 2.0 clients are generally capable of handling re-authorization, this should not have a serious impact. Removing -this data increases security through strong consistency. - -The following `DELETE` statements will be executed: +this data increases security through strong consistency. The following data-altering statements will be executed: -``` -DELETE FROM hydra_oauth2_access as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_refresh as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_code as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_oidc as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_pkce as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); - -DELETE FROM hydra_oauth2_access as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE h.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_refresh as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE h.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_code as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE h.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_oidc as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE h.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_pkce as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE h.request_id = hydra_oauth2_consent_request_handled.challenge); - -DELETE FROM hydra_oauth2_access WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_refresh WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_code WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_oidc WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_pkce WHERE LENGTH(request_id) > 40 OR request_id = ''; +```sql +-- First we need to delete all rows that point to a non-existing oauth2 client. +DELETE FROM hydra_oauth2_access WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_access.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_refresh.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_code WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_code.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_oidc.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_pkce.client_id = hydra_client.id); + + +-- request_id is a 40 varchar in the referenced table which is why we are resizing +-- 1. We must remove request_ids longer than 40 chars. This should never happen as we've never issued them longer than this +DELETE FROM hydra_oauth2_access WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_refresh WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_code WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_oidc WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_pkce WHERE LENGTH(request_id) > 40; + +-- 2. Next we're actually resizing +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id TYPE varchar(40); +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id TYPE varchar(40); +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id TYPE varchar(40); +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id TYPE varchar(40); +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id TYPE varchar(40); + +-- 3. We must also drop the NOT NULL and default values as request_id can be set to NULL, for example in +-- oauth2 client credentials grant. +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id DROP DEFAULT; + +-- 4. And lastly, we must set it to NULL where the request_id is an empty string +UPDATE hydra_oauth2_access SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_refresh SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_code SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_oidc SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_pkce SET request_id = NULL WHERE LENGTH(request_id) = 0; + +-- 5. Now we can delete all request_id's that are set but do not point to an existing challenge. We also must include +-- request_ids which are set to NULL +DELETE FROM hydra_oauth2_access WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_access.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_access.request_id = NULL +); +DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_refresh.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_refresh.request_id = NULL +); +DELETE FROM hydra_oauth2_code WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_code.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_code.request_id = NULL +); +DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_oidc.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_oidc.request_id = NULL +); +DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_pkce.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_pkce.request_id = NULL +); + +-- In preparation for creating the client_id index and foreign key, we must set it to varchar(255) which is also +-- the length of hydra_client.id +DELETE FROM hydra_oauth2_access WHERE LENGTH(client_id) > 255; +DELETE FROM hydra_oauth2_refresh WHERE LENGTH(client_id) > 255; +DELETE FROM hydra_oauth2_code WHERE LENGTH(client_id) > 255; +DELETE FROM hydra_oauth2_oidc WHERE LENGTH(client_id) > 255; +DELETE FROM hydra_oauth2_pkce WHERE LENGTH(client_id) > 255; +ALTER TABLE hydra_oauth2_access ALTER COLUMN client_id TYPE varchar(255); +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN client_id TYPE varchar(255); +ALTER TABLE hydra_oauth2_code ALTER COLUMN client_id TYPE varchar(255); +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN client_id TYPE varchar(255); +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN client_id TYPE varchar(255); ``` ##### Removing inconsistent login & consent data @@ -179,19 +236,38 @@ That is achieved by running the following queries. Make sure you understand what they may have on your system before executing `hydra migrate sql`: ```sql -DELETE FROM hydra_oauth2_consent_request_handled as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE h.challenge = hydra_oauth2_consent_request.challenge); -DELETE FROM hydra_oauth2_authentication_request_handled as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE h.challenge = hydra_oauth2_consent_request.challenge); - -DELETE FROM hydra_oauth2_consent_request WHERE login_challenge=''; - -DELETE FROM hydra_oauth2_authentication_request as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_authentication_request as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_session WHERE h.login_session_id = hydra_oauth2_authentication_session.id); - -DELETE FROM hydra_oauth2_consent_request as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_consent_request as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_session WHERE h.login_session_id = hydra_oauth2_authentication_session.id); -DELETE FROM hydra_oauth2_consent_request as h WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_request WHERE h.login_challenge = hydra_oauth2_authentication_request.challenge); - -DELETE FROM hydra_oauth2_obfuscated_authentication_session as h WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE h.client_id = hydra_client.id); +-- This can be null when no previous login session exists, so let's remove default +ALTER TABLE hydra_oauth2_authentication_request ALTER COLUMN login_session_id DROP DEFAULT; + +-- This can be null when no previous login session exists or if that session has been removed, so let's remove default +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_session_id DROP DEFAULT; + +-- This can be null when the login_challenge was deleted (should not delete the consent itself) +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_challenge DROP DEFAULT; + +-- Consent requests that point to an empty or invalid login request should set their login_challenge to NULL +UPDATE hydra_oauth2_consent_request SET login_challenge = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_request WHERE hydra_oauth2_consent_request.login_challenge = hydra_oauth2_authentication_request.challenge +); + +-- Consent requests that point to an empty or invalid login session should set their login_session_id to NULL +UPDATE hydra_oauth2_consent_request SET login_session_id = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_consent_request.login_session_id = hydra_oauth2_authentication_session.id +); + +-- Login requests that point to a login session that no longer exists (or was never set in the first place) should set that to NULL +UPDATE hydra_oauth2_authentication_request SET login_session_id = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_authentication_request.login_session_id = hydra_oauth2_authentication_session.id +); + +-- Login, consent, obfuscated sessions that point to a client which no longer exists must be deleted +DELETE FROM hydra_oauth2_authentication_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_authentication_request.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_consent_request.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_obfuscated_authentication_session WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_obfuscated_authentication_session.client_id = hydra_client.id); + +-- Handled login and consent requests which point to a consent/login request that no longer exists must be deleted +DELETE FROM hydra_oauth2_consent_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_consent_request_handled.challenge = hydra_oauth2_consent_request.challenge); +DELETE FROM hydra_oauth2_authentication_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_authentication_request_handled.challenge = hydra_oauth2_consent_request.challenge); ``` Be aware that some queries might cascade and remove other data to. One such example is checking `hydra_oauth2_consent_request` @@ -200,11 +276,7 @@ is removed as well. #### Indices -In order to [resolve table locking](https://github.com/ory/hydra/issues/1067) during the refresh token flow, the following indices were added: -- Unique index on the `request_id` column in the `hydra_oauth2_access` & `hydra_oauth2_refresh` tables - -In order to [resolve table locking](https://github.com/ory/hydra/issues/1067) when flushing expired tokens, the following index was added: -- Index on the `requested_at` column in the `hydra_oauth2_access` table +Several indices have been added which should resolve table locking when searching in large data sets. ### Non-breaking Changes diff --git a/client/migrations/sql/mysql/.gitattributes b/client/migrations/sql/mysql/.gitattributes deleted file mode 100644 index 3692e258b06..00000000000 --- a/client/migrations/sql/mysql/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.sql -crlf diff --git a/client/migrations/sql/mysql/.gitkeep b/client/migrations/sql/mysql/.gitkeep deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/client/migrations/sql/postgres/.gitattributes b/client/migrations/sql/postgres/.gitattributes deleted file mode 100644 index 3692e258b06..00000000000 --- a/client/migrations/sql/postgres/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.sql -crlf diff --git a/client/migrations/sql/postgres/.gitkeep b/client/migrations/sql/postgres/.gitkeep deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/client/sql_migration_files.go b/client/sql_migration_files.go index 58df181ede7..f9a2885a776 100644 --- a/client/sql_migration_files.go +++ b/client/sql_migration_files.go @@ -9,14 +9,10 @@ // migrations/sql/shared/5.sql // migrations/sql/shared/6.sql // migrations/sql/shared/7.sql -// migrations/sql/mysql/.gitattributes -// migrations/sql/mysql/.gitkeep // migrations/sql/mysql/11.sql // migrations/sql/mysql/4.sql // migrations/sql/mysql/8.sql // migrations/sql/mysql/9.sql -// migrations/sql/postgres/.gitattributes -// migrations/sql/postgres/.gitkeep // migrations/sql/postgres/11.sql // migrations/sql/postgres/4.sql // migrations/sql/postgres/8.sql @@ -278,46 +274,6 @@ func migrationsSqlShared7Sql() (*asset, error) { return a, nil } -var _migrationsSqlMysqlGitattributes = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xd2\xd2\x2b\x2e\xcc\x51\xd0\x4d\x2e\xca\x49\xe3\x02\x04\x00\x00\xff\xff\x5b\x50\x4f\xd9\x0c\x00\x00\x00") - -func migrationsSqlMysqlGitattributesBytes() ([]byte, error) { - return bindataRead( - _migrationsSqlMysqlGitattributes, - "migrations/sql/mysql/.gitattributes", - ) -} - -func migrationsSqlMysqlGitattributes() (*asset, error) { - bytes, err := migrationsSqlMysqlGitattributesBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "migrations/sql/mysql/.gitattributes", size: 12, mode: os.FileMode(438), modTime: time.Unix(1542278753, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _migrationsSqlMysqlGitkeep = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00") - -func migrationsSqlMysqlGitkeepBytes() ([]byte, error) { - return bindataRead( - _migrationsSqlMysqlGitkeep, - "migrations/sql/mysql/.gitkeep", - ) -} - -func migrationsSqlMysqlGitkeep() (*asset, error) { - bytes, err := migrationsSqlMysqlGitkeepBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "migrations/sql/mysql/.gitkeep", size: 0, mode: os.FileMode(438), modTime: time.Unix(1542278753, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _migrationsSqlMysql11Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xd2\xd5\x55\xd0\xce\xcd\x4c\x2f\x4a\x2c\x49\x55\x08\x2d\xe0\x0a\x0d\x70\x71\x0c\x71\x55\xc8\xa8\x4c\x29\x4a\x8c\x4f\xce\xc9\x4c\xcd\x2b\x51\x08\x76\x0d\x51\x48\x2c\x4d\xc9\x4c\xcd\x4b\x4e\xb5\x55\x57\xb7\xe6\x72\xf4\x09\x71\x0d\x52\x08\x71\x74\xf2\x41\x53\xe9\xeb\xef\xe2\xe9\x16\x09\x57\xac\x10\xe2\x1a\x11\xa2\xe0\xe7\x1f\xa2\xe0\x17\xea\xe3\x63\xcd\xc5\x85\x6c\x99\x4b\x7e\x79\x1e\x69\x26\x59\x73\x01\x02\x00\x00\xff\xff\x72\x1b\x3f\x00\xad\x00\x00\x00") func migrationsSqlMysql11SqlBytes() ([]byte, error) { @@ -398,46 +354,6 @@ func migrationsSqlMysql9Sql() (*asset, error) { return a, nil } -var _migrationsSqlPostgresGitattributes = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xd2\xd2\x2b\x2e\xcc\x51\xd0\x4d\x2e\xca\x49\xe3\x02\x04\x00\x00\xff\xff\x5b\x50\x4f\xd9\x0c\x00\x00\x00") - -func migrationsSqlPostgresGitattributesBytes() ([]byte, error) { - return bindataRead( - _migrationsSqlPostgresGitattributes, - "migrations/sql/postgres/.gitattributes", - ) -} - -func migrationsSqlPostgresGitattributes() (*asset, error) { - bytes, err := migrationsSqlPostgresGitattributesBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "migrations/sql/postgres/.gitattributes", size: 12, mode: os.FileMode(438), modTime: time.Unix(1542278753, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _migrationsSqlPostgresGitkeep = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00") - -func migrationsSqlPostgresGitkeepBytes() ([]byte, error) { - return bindataRead( - _migrationsSqlPostgresGitkeep, - "migrations/sql/postgres/.gitkeep", - ) -} - -func migrationsSqlPostgresGitkeep() (*asset, error) { - bytes, err := migrationsSqlPostgresGitkeepBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "migrations/sql/postgres/.gitkeep", size: 0, mode: os.FileMode(438), modTime: time.Unix(1542278753, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _migrationsSqlPostgres11Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xd2\xd5\x55\xd0\xce\xcd\x4c\x2f\x4a\x2c\x49\x55\x08\x2d\xe0\x0a\x0d\x70\x71\x0c\x71\x55\xc8\xa8\x4c\x29\x4a\x8c\x4f\xce\xc9\x4c\xcd\x2b\x51\x08\x76\x0d\x51\x48\x2c\x4d\xc9\x4c\xcd\x4b\x4e\xb5\x55\x57\xb7\xe6\x72\xf4\x09\x71\x0d\x52\x08\x71\x74\xf2\x41\x53\x09\x91\x70\xf6\xf7\x09\xf5\xf5\x83\x6b\x01\xeb\xf7\xf3\x0f\x51\xf0\x0b\xf5\xf1\xb1\xe6\xe2\x42\xb6\xd1\x25\xbf\x3c\x8f\x54\xe3\x5c\x82\xfc\x03\x90\xcc\x03\x04\x00\x00\xff\xff\x88\xa9\x34\xbb\xc1\x00\x00\x00") func migrationsSqlPostgres11SqlBytes() ([]byte, error) { @@ -810,39 +726,35 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ - "migrations/sql/shared/.gitattributes": migrationsSqlSharedGitattributes, - "migrations/sql/shared/.gitkeep": migrationsSqlSharedGitkeep, - "migrations/sql/shared/1.sql": migrationsSqlShared1Sql, - "migrations/sql/shared/10.sql": migrationsSqlShared10Sql, - "migrations/sql/shared/2.sql": migrationsSqlShared2Sql, - "migrations/sql/shared/3.sql": migrationsSqlShared3Sql, - "migrations/sql/shared/5.sql": migrationsSqlShared5Sql, - "migrations/sql/shared/6.sql": migrationsSqlShared6Sql, - "migrations/sql/shared/7.sql": migrationsSqlShared7Sql, - "migrations/sql/mysql/.gitattributes": migrationsSqlMysqlGitattributes, - "migrations/sql/mysql/.gitkeep": migrationsSqlMysqlGitkeep, - "migrations/sql/mysql/11.sql": migrationsSqlMysql11Sql, - "migrations/sql/mysql/4.sql": migrationsSqlMysql4Sql, - "migrations/sql/mysql/8.sql": migrationsSqlMysql8Sql, - "migrations/sql/mysql/9.sql": migrationsSqlMysql9Sql, - "migrations/sql/postgres/.gitattributes": migrationsSqlPostgresGitattributes, - "migrations/sql/postgres/.gitkeep": migrationsSqlPostgresGitkeep, - "migrations/sql/postgres/11.sql": migrationsSqlPostgres11Sql, - "migrations/sql/postgres/4.sql": migrationsSqlPostgres4Sql, - "migrations/sql/postgres/8.sql": migrationsSqlPostgres8Sql, - "migrations/sql/postgres/9.sql": migrationsSqlPostgres9Sql, - "migrations/sql/tests/.gitkeep": migrationsSqlTestsGitkeep, - "migrations/sql/tests/10_test.sql": migrationsSqlTests10_testSql, - "migrations/sql/tests/11_test.sql": migrationsSqlTests11_testSql, - "migrations/sql/tests/1_test.sql": migrationsSqlTests1_testSql, - "migrations/sql/tests/2_test.sql": migrationsSqlTests2_testSql, - "migrations/sql/tests/3_test.sql": migrationsSqlTests3_testSql, - "migrations/sql/tests/4_test.sql": migrationsSqlTests4_testSql, - "migrations/sql/tests/5_test.sql": migrationsSqlTests5_testSql, - "migrations/sql/tests/6_test.sql": migrationsSqlTests6_testSql, - "migrations/sql/tests/7_test.sql": migrationsSqlTests7_testSql, - "migrations/sql/tests/8_test.sql": migrationsSqlTests8_testSql, - "migrations/sql/tests/9_test.sql": migrationsSqlTests9_testSql, + "migrations/sql/shared/.gitattributes": migrationsSqlSharedGitattributes, + "migrations/sql/shared/.gitkeep": migrationsSqlSharedGitkeep, + "migrations/sql/shared/1.sql": migrationsSqlShared1Sql, + "migrations/sql/shared/10.sql": migrationsSqlShared10Sql, + "migrations/sql/shared/2.sql": migrationsSqlShared2Sql, + "migrations/sql/shared/3.sql": migrationsSqlShared3Sql, + "migrations/sql/shared/5.sql": migrationsSqlShared5Sql, + "migrations/sql/shared/6.sql": migrationsSqlShared6Sql, + "migrations/sql/shared/7.sql": migrationsSqlShared7Sql, + "migrations/sql/mysql/11.sql": migrationsSqlMysql11Sql, + "migrations/sql/mysql/4.sql": migrationsSqlMysql4Sql, + "migrations/sql/mysql/8.sql": migrationsSqlMysql8Sql, + "migrations/sql/mysql/9.sql": migrationsSqlMysql9Sql, + "migrations/sql/postgres/11.sql": migrationsSqlPostgres11Sql, + "migrations/sql/postgres/4.sql": migrationsSqlPostgres4Sql, + "migrations/sql/postgres/8.sql": migrationsSqlPostgres8Sql, + "migrations/sql/postgres/9.sql": migrationsSqlPostgres9Sql, + "migrations/sql/tests/.gitkeep": migrationsSqlTestsGitkeep, + "migrations/sql/tests/10_test.sql": migrationsSqlTests10_testSql, + "migrations/sql/tests/11_test.sql": migrationsSqlTests11_testSql, + "migrations/sql/tests/1_test.sql": migrationsSqlTests1_testSql, + "migrations/sql/tests/2_test.sql": migrationsSqlTests2_testSql, + "migrations/sql/tests/3_test.sql": migrationsSqlTests3_testSql, + "migrations/sql/tests/4_test.sql": migrationsSqlTests4_testSql, + "migrations/sql/tests/5_test.sql": migrationsSqlTests5_testSql, + "migrations/sql/tests/6_test.sql": migrationsSqlTests6_testSql, + "migrations/sql/tests/7_test.sql": migrationsSqlTests7_testSql, + "migrations/sql/tests/8_test.sql": migrationsSqlTests8_testSql, + "migrations/sql/tests/9_test.sql": migrationsSqlTests9_testSql, } // AssetDir returns the file names below a certain @@ -889,20 +801,16 @@ var _bintree = &bintree{nil, map[string]*bintree{ "migrations": &bintree{nil, map[string]*bintree{ "sql": &bintree{nil, map[string]*bintree{ "mysql": &bintree{nil, map[string]*bintree{ - ".gitattributes": &bintree{migrationsSqlMysqlGitattributes, map[string]*bintree{}}, - ".gitkeep": &bintree{migrationsSqlMysqlGitkeep, map[string]*bintree{}}, - "11.sql": &bintree{migrationsSqlMysql11Sql, map[string]*bintree{}}, - "4.sql": &bintree{migrationsSqlMysql4Sql, map[string]*bintree{}}, - "8.sql": &bintree{migrationsSqlMysql8Sql, map[string]*bintree{}}, - "9.sql": &bintree{migrationsSqlMysql9Sql, map[string]*bintree{}}, + "11.sql": &bintree{migrationsSqlMysql11Sql, map[string]*bintree{}}, + "4.sql": &bintree{migrationsSqlMysql4Sql, map[string]*bintree{}}, + "8.sql": &bintree{migrationsSqlMysql8Sql, map[string]*bintree{}}, + "9.sql": &bintree{migrationsSqlMysql9Sql, map[string]*bintree{}}, }}, "postgres": &bintree{nil, map[string]*bintree{ - ".gitattributes": &bintree{migrationsSqlPostgresGitattributes, map[string]*bintree{}}, - ".gitkeep": &bintree{migrationsSqlPostgresGitkeep, map[string]*bintree{}}, - "11.sql": &bintree{migrationsSqlPostgres11Sql, map[string]*bintree{}}, - "4.sql": &bintree{migrationsSqlPostgres4Sql, map[string]*bintree{}}, - "8.sql": &bintree{migrationsSqlPostgres8Sql, map[string]*bintree{}}, - "9.sql": &bintree{migrationsSqlPostgres9Sql, map[string]*bintree{}}, + "11.sql": &bintree{migrationsSqlPostgres11Sql, map[string]*bintree{}}, + "4.sql": &bintree{migrationsSqlPostgres4Sql, map[string]*bintree{}}, + "8.sql": &bintree{migrationsSqlPostgres8Sql, map[string]*bintree{}}, + "9.sql": &bintree{migrationsSqlPostgres9Sql, map[string]*bintree{}}, }}, "shared": &bintree{nil, map[string]*bintree{ ".gitattributes": &bintree{migrationsSqlSharedGitattributes, map[string]*bintree{}}, diff --git a/consent/migrations/sql/mysql/7.sql b/consent/migrations/sql/mysql/7.sql index f9238f8676f..d5e0a94e1eb 100644 --- a/consent/migrations/sql/mysql/7.sql +++ b/consent/migrations/sql/mysql/7.sql @@ -1,36 +1,57 @@ -- +migrate Up -ALTER TABLE hydra_oauth2_authentication_request MODIFY login_session_id VARCHAR(40) NULL; -ALTER TABLE hydra_oauth2_consent_request MODIFY login_session_id VARCHAR(40) NULL; -ALTER TABLE hydra_oauth2_consent_request ALTER login_session_id DROP DEFAULT; -ALTER TABLE hydra_oauth2_authentication_request ALTER login_session_id DROP DEFAULT; -UPDATE hydra_oauth2_authentication_request SET login_session_id = NULL WHERE login_session_id=''; -UPDATE hydra_oauth2_consent_request SET login_session_id = NULL WHERE login_session_id=''; +-- This can be null when no previous login session exists, so let's remove default +ALTER TABLE hydra_oauth2_authentication_request ALTER COLUMN login_session_id DROP DEFAULT; -DELETE FROM hydra_oauth2_consent_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_consent_request_handled.challenge = hydra_oauth2_consent_request.challenge); -DELETE FROM hydra_oauth2_authentication_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_authentication_request_handled.challenge = hydra_oauth2_consent_request.challenge); +-- This can be null when no previous login session exists or if that session has been removed, so let's remove default +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_session_id DROP DEFAULT; -ALTER TABLE hydra_oauth2_consent_request_handled ADD CONSTRAINT hydra_oauth2_consent_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_consent_request(challenge) ON DELETE CASCADE; -ALTER TABLE hydra_oauth2_authentication_request_handled ADD CONSTRAINT hydra_oauth2_authentication_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE CASCADE; +-- This can be null when the login_challenge was deleted (should not delete the consent itself) +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_challenge DROP DEFAULT; -DELETE FROM hydra_oauth2_consent_request WHERE login_challenge=''; +-- Consent requests that point to an empty or invalid login request should set their login_challenge to NULL +UPDATE hydra_oauth2_consent_request SET login_challenge = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_request WHERE hydra_oauth2_consent_request.login_challenge = hydra_oauth2_authentication_request.challenge +); -DELETE FROM hydra_oauth2_authentication_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_authentication_request.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_authentication_request WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_authentication_request.login_session_id = hydra_oauth2_authentication_session.id); +-- Consent requests that point to an empty or invalid login session should set their login_session_id to NULL +UPDATE hydra_oauth2_consent_request SET login_session_id = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_consent_request.login_session_id = hydra_oauth2_authentication_session.id +); -DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_consent_request.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_consent_request.login_session_id = hydra_oauth2_authentication_session.id); -DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_request WHERE hydra_oauth2_consent_request.login_challenge = hydra_oauth2_authentication_request.challenge); +-- Login requests that point to a login session that no longer exists (or was never set in the first place) should set that to NULL +UPDATE hydra_oauth2_authentication_request SET login_session_id = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_authentication_request.login_session_id = hydra_oauth2_authentication_session.id +); +-- Login, consent, obfuscated sessions that point to a client which no longer exists must be deleted +DELETE FROM hydra_oauth2_authentication_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_authentication_request.client_id = hydra_client.id); +DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_consent_request.client_id = hydra_client.id); DELETE FROM hydra_oauth2_obfuscated_authentication_session WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_obfuscated_authentication_session.client_id = hydra_client.id); +-- Handled login and consent requests which point to a consent/login request that no longer exists must be deleted +DELETE FROM hydra_oauth2_consent_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_consent_request_handled.challenge = hydra_oauth2_consent_request.challenge); +DELETE FROM hydra_oauth2_authentication_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_authentication_request_handled.challenge = hydra_oauth2_consent_request.challenge); + +-- Actual indices + +-- Handled consent and authentication requests must cascade delete when their parent (the request itself) is removed +ALTER TABLE hydra_oauth2_consent_request_handled ADD CONSTRAINT hydra_oauth2_consent_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_consent_request(challenge) ON DELETE CASCADE; +ALTER TABLE hydra_oauth2_authentication_request_handled ADD CONSTRAINT hydra_oauth2_authentication_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE CASCADE; + +-- Login, consent, obfuscated must be deleted when the oauth2 client is being deleted ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_authentication_request ADD CONSTRAINT hydra_oauth2_authentication_request_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_obfuscated_authentication_session ADD CONSTRAINT hydra_oauth2_obfuscated_authentication_session_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; -ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_session_id_fk FOREIGN KEY (login_session_id) REFERENCES hydra_oauth2_authentication_session(id) ON DELETE CASCADE; +-- If a login session is removed, the associated login requests must be cascade deleted ALTER TABLE hydra_oauth2_authentication_request ADD CONSTRAINT hydra_oauth2_authentication_request_login_session_id_fk FOREIGN KEY (login_session_id) REFERENCES hydra_oauth2_authentication_session(id) ON DELETE CASCADE; -ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_challenge_fk FOREIGN KEY (login_challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE CASCADE; + +-- But if a login session is removed the consent request should simply set it to NULL +ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_session_id_fk FOREIGN KEY (login_session_id) REFERENCES hydra_oauth2_authentication_session(id) ON DELETE SET NULL; + +-- It should also be set to null if the login request is deleted (because consent does not care about that) +ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_challenge_fk FOREIGN KEY (login_challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE SET NULL; -- +migrate Down ALTER TABLE hydra_oauth2_consent_request_handled DROP FOREIGN KEY hydra_oauth2_consent_request_handled_challenge_fk; @@ -43,3 +64,8 @@ ALTER TABLE hydra_oauth2_obfuscated_authentication_session DROP FOREIGN KEY hydr ALTER TABLE hydra_oauth2_consent_request DROP FOREIGN KEY hydra_oauth2_consent_request_login_session_id_fk; ALTER TABLE hydra_oauth2_authentication_request DROP FOREIGN KEY hydra_oauth2_authentication_request_login_session_id_fk; ALTER TABLE hydra_oauth2_consent_request DROP FOREIGN KEY hydra_oauth2_consent_request_login_challenge_fk; + +-- Revert defaults +ALTER TABLE hydra_oauth2_authentication_request ALTER COLUMN login_session_id SET DEFAULT ''; +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_session_id SET DEFAULT ''; +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_challenge SET DEFAULT ''; \ No newline at end of file diff --git a/consent/migrations/sql/postgres/7.sql b/consent/migrations/sql/postgres/7.sql index 4f6ec4852cf..4479452b83b 100644 --- a/consent/migrations/sql/postgres/7.sql +++ b/consent/migrations/sql/postgres/7.sql @@ -1,38 +1,59 @@ -- +migrate Up -ALTER TABLE hydra_oauth2_authentication_request ALTER COLUMN login_session_id DROP NOT NULL; -ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_session_id DROP NOT NULL; + +-- This can be null when no previous login session exists, so let's remove default ALTER TABLE hydra_oauth2_authentication_request ALTER COLUMN login_session_id DROP DEFAULT; + +-- This can be null when no previous login session exists or if that session has been removed, so let's remove default ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_session_id DROP DEFAULT; -UPDATE hydra_oauth2_authentication_request SET login_session_id = NULL WHERE login_session_id=''; -UPDATE hydra_oauth2_consent_request SET login_session_id = NULL WHERE login_session_id=''; +-- This can be null when the login_challenge was deleted (should not delete the consent itself) +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_challenge DROP DEFAULT; -DELETE FROM hydra_oauth2_consent_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_consent_request_handled.challenge = hydra_oauth2_consent_request.challenge); -DELETE FROM hydra_oauth2_authentication_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_authentication_request_handled.challenge = hydra_oauth2_consent_request.challenge); +-- Consent requests that point to an empty or invalid login request should set their login_challenge to NULL +UPDATE hydra_oauth2_consent_request SET login_challenge = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_request WHERE hydra_oauth2_consent_request.login_challenge = hydra_oauth2_authentication_request.challenge +); -ALTER TABLE hydra_oauth2_consent_request_handled ADD CONSTRAINT hydra_oauth2_consent_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_consent_request(challenge) ON DELETE CASCADE; -ALTER TABLE hydra_oauth2_authentication_request_handled ADD CONSTRAINT hydra_oauth2_authentication_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE CASCADE; +-- Consent requests that point to an empty or invalid login session should set their login_session_id to NULL +UPDATE hydra_oauth2_consent_request SET login_session_id = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_consent_request.login_session_id = hydra_oauth2_authentication_session.id +); -DELETE FROM hydra_oauth2_consent_request WHERE login_challenge=''; +-- Login requests that point to a login session that no longer exists (or was never set in the first place) should set that to NULL +UPDATE hydra_oauth2_authentication_request SET login_session_id = NULL WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_authentication_request.login_session_id = hydra_oauth2_authentication_session.id +); +-- Login, consent, obfuscated sessions that point to a client which no longer exists must be deleted DELETE FROM hydra_oauth2_authentication_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_authentication_request.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_authentication_request WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_authentication_request.login_session_id = hydra_oauth2_authentication_session.id); - DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_consent_request.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_session WHERE hydra_oauth2_consent_request.login_session_id = hydra_oauth2_authentication_session.id); -DELETE FROM hydra_oauth2_consent_request WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_authentication_request WHERE hydra_oauth2_consent_request.login_challenge = hydra_oauth2_authentication_request.challenge); - DELETE FROM hydra_oauth2_obfuscated_authentication_session WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_obfuscated_authentication_session.client_id = hydra_client.id); +-- Handled login and consent requests which point to a consent/login request that no longer exists must be deleted +DELETE FROM hydra_oauth2_consent_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_consent_request_handled.challenge = hydra_oauth2_consent_request.challenge); +DELETE FROM hydra_oauth2_authentication_request_handled WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request WHERE hydra_oauth2_authentication_request_handled.challenge = hydra_oauth2_consent_request.challenge); + +-- Actual indices + SET session_replication_role = replica; +-- Handled consent and authentication requests must cascade delete when their parent (the request itself) is removed +ALTER TABLE hydra_oauth2_consent_request_handled ADD CONSTRAINT hydra_oauth2_consent_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_consent_request(challenge) ON DELETE CASCADE; +ALTER TABLE hydra_oauth2_authentication_request_handled ADD CONSTRAINT hydra_oauth2_authentication_request_handled_challenge_fk FOREIGN KEY (challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE CASCADE; + +-- Login, consent, obfuscated must be deleted when the oauth2 client is being deleted ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_authentication_request ADD CONSTRAINT hydra_oauth2_authentication_request_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_obfuscated_authentication_session ADD CONSTRAINT hydra_oauth2_obfuscated_authentication_session_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; -ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_session_id_fk FOREIGN KEY (login_session_id) REFERENCES hydra_oauth2_authentication_session(id) ON DELETE CASCADE; +-- If a login session is removed, the associated login requests must be cascade deleted ALTER TABLE hydra_oauth2_authentication_request ADD CONSTRAINT hydra_oauth2_authentication_request_login_session_id_fk FOREIGN KEY (login_session_id) REFERENCES hydra_oauth2_authentication_session(id) ON DELETE CASCADE; -ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_challenge_fk FOREIGN KEY (login_challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE CASCADE; + +-- But if a login session is removed the consent request should simply set it to NULL +ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_session_id_fk FOREIGN KEY (login_session_id) REFERENCES hydra_oauth2_authentication_session(id) ON DELETE SET NULL; + +-- It should also be set to null if the login request is deleted (because consent does not care about that) +ALTER TABLE hydra_oauth2_consent_request ADD CONSTRAINT hydra_oauth2_consent_request_login_challenge_fk FOREIGN KEY (login_challenge) REFERENCES hydra_oauth2_authentication_request(challenge) ON DELETE SET NULL; SET session_replication_role = DEFAULT; @@ -47,3 +68,8 @@ ALTER TABLE hydra_oauth2_obfuscated_authentication_session DROP CONSTRAINT hydra ALTER TABLE hydra_oauth2_consent_request DROP CONSTRAINT hydra_oauth2_consent_request_login_session_id_fk; ALTER TABLE hydra_oauth2_authentication_request DROP CONSTRAINT hydra_oauth2_authentication_request_login_session_id_fk; ALTER TABLE hydra_oauth2_consent_request DROP CONSTRAINT hydra_oauth2_consent_request_login_challenge_fk; + +-- Revert defaults +ALTER TABLE hydra_oauth2_authentication_request ALTER COLUMN login_session_id SET DEFAULT ''; +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_session_id SET DEFAULT ''; +ALTER TABLE hydra_oauth2_consent_request ALTER COLUMN login_challenge SET DEFAULT ''; \ No newline at end of file diff --git a/consent/sql_migration_files.go b/consent/sql_migration_files.go index 3f6c39fce5b..5c264ec5e63 100644 --- a/consent/sql_migration_files.go +++ b/consent/sql_migration_files.go @@ -142,7 +142,7 @@ func migrationsSqlShared2Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/shared/2.sql", size: 714, mode: os.FileMode(438), modTime: time.Unix(1542578018, 0)} + info := bindataFileInfo{name: "migrations/sql/shared/2.sql", size: 714, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -247,7 +247,7 @@ func migrationsSqlMysql6Sql() (*asset, error) { return a, nil } -var _migrationsSqlMysql7Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x57\x4d\x6f\xd3\x40\x10\xbd\x47\xca\x7f\x98\x5b\x53\xa1\x46\x80\xb8\x45\x39\x2c\xf6\x84\x46\xb8\x76\xb5\xde\x00\x3d\x59\xc6\xde\x26\x16\xc6\x86\xd8\x11\xe2\xdf\xa3\x34\x26\x35\xfe\xd8\xaf\xc4\xa1\x97\x5c\xd6\xf3\xde\xbc\xd9\x99\xb7\x93\x9b\x1b\x78\xf5\x3d\x59\x6f\xc3\x92\xc3\xea\xc7\x78\x44\x1c\x86\x14\x18\x79\xef\x20\x6c\x7e\xc7\xdb\x30\xc8\xc3\x5d\xb9\x79\x1b\xec\x7f\x79\x56\x26\x51\x58\x26\x79\x16\x6c\xf9\xcf\x1d\x2f\x4a\xb8\xf3\xec\xe5\xe2\x01\xd2\x7c\x9d\x64\x41\xc1\x8b\x62\x7f\x98\xc4\xf0\x89\x50\xeb\x96\xd0\xc9\xbb\xd7\xd7\xe0\xae\x1c\x67\x26\x80\x8e\xf2\xac\xe0\x59\x39\x28\xe6\xe1\xc3\x16\xa4\x4d\xbd\x7b\xb0\x71\x41\x56\x0e\x13\xc1\xf5\xa8\x57\x43\x1d\x8f\x56\xf7\x36\x61\x6a\x90\x3e\xb2\x36\xe0\xfc\x49\x2f\x7c\xbe\x45\x8a\xad\xd3\xf9\xd5\xd5\xac\x9b\xa2\x59\x04\x53\xec\xf1\xc8\x46\x07\x19\xc2\x82\x7a\x77\x42\x8a\x60\x13\x66\x71\xca\xe3\x0a\xce\xf5\x18\xe0\x97\xa5\xcf\x7c\x98\xf8\xe8\xa0\xc5\xe0\x8d\x1c\xa4\x0a\x56\xe1\x99\x46\x9b\x30\x4d\x79\xb6\xe6\x30\x17\x06\x3c\x7f\x78\x3d\x13\xc8\xe9\xbe\x94\xc1\x54\x89\xe9\x0c\xc5\xa9\x4f\xc5\x51\x17\xb1\x6d\xb0\x3c\xd7\x67\x94\x2c\x5d\xa6\x14\x13\x1c\x39\x83\xc7\x6f\xb0\xf0\x28\x2e\x3f\xb8\xf0\x11\x1f\x60\xf2\x9c\x0d\x50\x5c\x20\x45\xd7\x42\x5f\x08\x5a\x0f\xf1\x5c\xa8\xae\xc7\x22\xbe\x45\x6c\xd4\x9f\x4b\x25\x5d\xe2\xd0\xd3\xe4\x75\x63\xcb\x54\xaa\x8f\xd9\x3f\xd3\x7a\x44\x95\x0e\x6b\x8f\xe5\xa8\x75\x75\x94\x26\x3c\xd3\xe8\xe2\xe9\x21\xe0\x60\x31\x75\x88\x69\x12\x1b\xcc\xa0\xde\xec\x35\x30\x2a\x43\xd3\x48\xbe\xc3\x26\x15\x08\x2a\x69\xda\x17\x69\x5e\xfb\x96\x13\x18\x16\xdd\x2c\x2f\xed\x6a\x37\xd3\x3d\xa9\xcc\x17\x11\xa3\xfe\x26\x4d\x1b\xe3\x28\xd1\xd2\xe3\xdd\xbd\xa2\xf2\xaf\x8f\xbb\x22\x0a\x4b\x1e\x8b\xeb\x6d\xde\x4b\x52\x06\x59\x77\xe9\xec\x63\x1a\x2f\xce\x91\xb5\x6d\xc5\x7f\x4f\x3a\xac\xf8\x70\x36\xd9\x9f\x9d\xe1\x49\x31\x79\x4a\x2e\x9b\xb7\xbc\x3f\x44\x12\xa4\xd1\xc3\xa8\x19\xa8\x63\x9a\xb6\xd2\x4a\xb9\xf9\x81\xf2\x53\x5e\x85\xfc\xcf\xb6\x7a\x81\xe2\x4e\xbf\xab\xfe\x75\xab\x71\x7e\xfe\xa5\xab\xfe\x17\xd8\xce\x7f\x65\x06\xfb\xf3\xd3\x1f\xbe\x7a\xd6\xda\x1b\xf4\x09\x4b\xae\x98\x5c\x63\xcd\xd5\x9b\x47\x3d\xcd\x75\xf7\x30\x18\x13\x23\x8d\xaa\x9c\x72\xe7\x14\xd3\xeb\x79\xe7\x90\x55\xee\xb0\x86\x4b\x15\x5b\x93\xfa\x1c\x3a\x1b\xbd\xfb\x27\x00\x00\xff\xff\x0b\xa7\x2a\xb2\xcb\x12\x00\x00") +var _migrationsSqlMysql7Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x58\xcf\x8f\xea\x36\x10\xbe\x23\xf1\x3f\xcc\x6d\x59\x75\xa1\x6a\xaf\x4f\x3d\xe4\x81\xb7\x6f\xd5\x3c\x58\x85\xa0\xb6\x27\x64\x92\x81\x58\x35\x36\x8d\x1d\xb6\xfb\xdf\x57\x49\x9c\x1f\x24\x10\x92\xc0\xee\xbb\x70\x20\xf6\xcc\x37\x9f\x3f\xcf\x8c\x67\x3c\x86\x9f\xf6\x6c\x17\x52\x8d\xb0\x3a\x0c\x07\xc3\xc1\x78\x0c\x6e\xc0\x14\x78\x54\xc0\x06\x41\x44\x9c\xc3\x5b\x80\x02\x84\x84\x43\x88\x47\x26\x23\x05\x5c\xee\x98\x00\x85\x4a\x31\x29\x00\xff\x63\x4a\xab\x27\x50\x12\x38\xea\x07\x05\x21\xee\xe5\x11\xc1\xc7\x2d\x8d\xb8\x1e\x0e\x2c\xdb\x25\x0e\xb8\xd6\x57\x9b\x40\xf0\xee\x87\x74\x2d\x69\xa4\x83\x5f\xd7\xf1\x2f\x0a\xcd\x3c\xaa\x99\x14\xeb\x10\xff\x8d\x50\x69\x48\xd7\x4f\x17\xf6\xea\xfb\x3c\xf5\xb5\x36\xbe\xd6\xcc\x87\x99\xb3\x78\x85\x19\x79\xb6\x56\xb6\xfb\xe5\x26\xc8\x20\x43\x60\x5b\xd0\x01\xd5\xf9\x97\x80\x2a\xd8\x20\x0a\x13\x84\xdf\x27\x2c\x4f\x0a\x85\x42\xdf\x3d\x1e\x1d\xa0\xd9\xee\x05\x94\x73\x14\x3b\x84\x37\xaa\xc0\x47\x8e\x1a\x7d\x18\xa9\x40\x46\xdc\x07\x21\xb5\xf9\x2f\xd9\x62\xe0\x00\xd3\x0a\xf9\xf6\xf1\x36\xe0\x85\xe7\x73\xb8\xa7\xc6\x95\x31\xa0\x52\x6e\x0f\x92\x09\x0d\x5a\x02\x15\x80\xfb\x83\x7e\x4f\x88\x17\x47\xca\x99\x6f\x0e\x26\xf3\x68\x22\x50\xa8\x63\xe8\x2c\xac\x79\xd5\x12\xe6\x2b\xdb\x1e\x0e\x56\xaf\x33\xcb\xbd\x82\x7f\x49\xdc\x9a\x81\xdf\x92\xfd\xf0\xe7\x37\xe2\x10\x98\x2f\x5c\x20\x7f\xbd\x2c\xdd\x25\x8c\x86\x03\x80\x25\xb1\xc9\xd4\x85\x5f\xe0\xd9\x59\x7c\x6f\xa5\xd5\xd4\x4e\x13\x8a\x49\x1d\x41\x0b\xc3\x93\x7c\xfd\x70\xf0\x78\x33\xbd\x99\xba\x2f\xd0\x5b\x52\x63\x4f\x7e\x4b\x16\xee\x44\x70\x06\xb9\x35\xc1\x27\x10\x5a\x58\x9e\x30\xbf\x44\xad\x5d\x96\x61\x8d\xd8\x0a\x8d\xc9\x57\x21\x81\x4b\xb1\xc3\x30\xcb\x26\x23\x19\x26\xd7\x51\xe0\x11\xc3\x84\x63\x96\xde\xd9\x2d\x0b\x95\x86\x03\xa7\x1e\x3e\x9e\x1e\x01\xd5\xcd\x84\x5f\x10\xdd\x0f\xe2\xfd\x82\x52\xef\x46\xff\x53\x96\xaa\x9e\x40\x6e\xb6\x91\xf2\x68\x9c\xd5\xcc\xfa\xfa\x99\x78\x9c\xc5\x97\xe1\x2d\x60\x5e\x50\x3f\x8d\x7d\xa4\x74\x9c\x3e\x4d\x72\x1c\x0e\x66\xc4\x26\x2e\xe9\x7a\xb3\xcb\x44\x9e\x23\xd1\x80\x68\xcf\x56\xba\xa1\x4c\x53\xfa\xcf\x84\xf9\x31\x1b\x17\x51\x56\xef\xde\xad\xf0\xaa\x97\xa8\x2f\xae\xe2\xa4\x9a\x95\xd4\x1f\xe9\x55\x0f\xd7\xb0\x27\x0a\xfb\x46\x85\xcf\x31\x4b\x88\x54\xf8\x79\x5d\xcc\x2f\x7d\xaa\xa4\xb2\xc2\xd2\x15\x3f\x9f\xd6\xa8\xf3\xb7\xbf\xbd\xde\x2a\xcc\xaf\x03\x83\xac\x1d\x4f\x8d\x72\x68\xe3\x67\x72\xb1\x12\xd5\x24\x91\x2d\x6c\x14\xc0\x79\x9d\x7f\x58\x54\xcd\xee\x7a\x06\x97\x28\xc4\xf2\x74\x44\x39\x30\xe1\x33\x0f\x55\x45\x36\x99\x58\x62\xe1\x9c\x42\x28\xf4\x93\x48\xc0\xa3\xca\xa3\x7e\xa6\x83\xbc\x71\x63\x21\x1c\x68\x18\x5b\x18\xc5\x25\x21\x0b\xd0\xf4\x64\xc0\xb2\xf6\xd2\x6f\xdf\x9e\xe5\x14\x5b\xb3\x19\x4c\x17\xf3\xa5\xeb\x58\x2f\x73\xb7\xd5\x9e\xa2\x1d\x59\x6f\xff\x81\xe7\x85\x43\x5e\x7e\x9f\xc3\x1f\xe4\x6f\x18\x15\xc4\x80\x43\x9e\x89\x43\xe6\x53\xb2\x6c\x34\x5a\xde\xb2\x98\x83\x51\xca\xd4\x5a\x4e\xad\x19\xf9\xd2\xb9\xff\x6f\x15\x57\xf3\xd6\xdb\xc2\x3b\x6f\xfb\x5a\x94\xd7\xea\x58\x25\x41\x14\x2d\x7d\xea\x35\x2b\x67\x2c\x7e\x7f\x30\xb1\x2b\x12\x49\xfb\x76\xbd\x83\x0e\xf2\x94\x59\x27\x28\xfb\x72\x86\xa0\xf4\xdb\x28\xfe\x76\x87\x83\xee\x73\xc0\x9f\x8b\xfb\x7a\x71\x6b\x0a\xe1\xea\xee\x8f\x89\x26\x11\xe2\xcb\xb6\xd6\xb5\x16\x39\xe6\x29\xd1\x1d\x55\x4a\x7a\x2c\xd1\x26\x3f\xed\x7e\x33\xa9\x9e\xe6\xb2\x26\x29\xde\xef\x80\xab\xdd\x64\x8d\x99\xea\x82\xd6\xf7\xd8\x6c\x69\xe6\xed\x6b\xa4\x81\x35\x71\x77\xf2\xa4\xae\x3e\x5b\xd9\xfe\xc0\xdf\xd3\xd6\xbf\xd4\xd9\x7f\xc8\x05\xfe\x6c\x9e\xe2\x37\x47\x1c\x4e\x2e\xb0\x3c\x6a\xca\x95\x8c\xd5\x92\x3c\x69\x64\x3a\xaf\x48\xc6\x2a\x58\x79\xdc\xb3\xd2\xa8\x62\x83\x1e\x8d\x54\xc1\xa4\x2f\x51\x25\x83\x0b\x8f\x86\x08\x74\x23\xa3\xb4\xd1\xea\x34\xae\xe8\x4c\xdf\xe5\x32\x51\xf9\x7e\x9f\x62\x51\xe5\x30\x9f\xbd\xcd\xe4\x9b\xe8\x51\xf8\x93\x11\x4c\x19\x76\xe7\xd2\x7f\x43\x75\x6e\x76\xde\xa1\x3e\x27\x6c\xb4\x3e\xe4\x6e\x31\x97\x13\x6c\x8f\x02\xd5\x2b\xc6\xb6\x3e\xaf\x17\x97\x66\xf7\xdd\xca\xcb\x47\xb2\x7c\x26\x17\x7d\x16\xd9\x1d\x5d\xdf\x23\xce\x9a\x76\xc7\x63\x70\xf0\x88\xa1\xce\x66\xc3\xea\xde\x33\xef\x38\x71\x98\x51\x2b\x3c\x3c\x74\x09\xf0\x13\xed\x16\x4f\xaf\x8a\xd9\xff\x03\x00\x00\xff\xff\xd8\x2f\x3b\xf3\x66\x18\x00\x00") func migrationsSqlMysql7SqlBytes() ([]byte, error) { return bindataRead( @@ -262,7 +262,7 @@ func migrationsSqlMysql7Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/mysql/7.sql", size: 4811, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/mysql/7.sql", size: 6246, mode: os.FileMode(438), modTime: time.Unix(1542626922, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -347,7 +347,7 @@ func migrationsSqlPostgres6Sql() (*asset, error) { return a, nil } -var _migrationsSqlPostgres7Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x57\x4f\x8f\x9b\x4e\x0c\xbd\x47\xca\x77\xf0\x6d\xf3\xd3\x4f\x1b\xa9\xbd\x46\x39\x50\x70\xda\xa8\x2c\xac\x60\x50\xdb\x13\xa2\x30\x9b\xa0\xd2\x61\x1b\x88\xaa\x7e\xfb\x8a\x0d\x4b\x28\x90\xf9\x07\x49\x7b\xc9\x21\x33\x7e\xf6\xf3\xd8\xcf\xe6\xfe\x1e\xfe\xff\x9e\xee\x0e\x51\x49\x21\x78\x9e\xcf\x0c\x9b\xa0\x07\xc4\x78\x67\x23\xec\x7f\x25\x87\x28\xcc\xa3\x63\xb9\x7f\x1b\x56\xbf\x94\x95\x69\x1c\x95\x69\xce\xc2\x03\xfd\x71\xa4\x45\x09\xa7\xfb\xa6\x6b\x07\x0f\x0e\x64\xf9\x2e\x65\x61\x41\x8b\xa2\xba\x92\x26\x60\x79\xee\x23\x38\x2e\x01\x27\xb0\xed\x15\x07\x3d\xce\x59\x41\x59\x39\x35\xac\x7e\xd0\x16\x6e\x8c\xc0\x26\x13\xc7\x7c\x46\x9d\xcf\x82\x47\xcb\x20\x72\xf1\xfa\x48\xfa\x80\xeb\x17\xf6\xf0\xe9\x03\x7a\xd8\x3b\x5d\xdf\xdd\xad\x86\x5d\x74\xa3\xd6\xc5\x9e\xcf\x2c\xb4\x91\x20\x6c\x3c\xf7\x81\xeb\x22\xdc\x47\x2c\xc9\x68\x52\xc3\x55\xef\x86\x9f\xb7\x3e\xf1\x61\xe1\xa3\x8d\x26\x81\x37\x62\x90\xda\x58\xc6\xcf\x32\xde\x47\x59\x46\xd9\x8e\xc2\x9a\x6b\x70\xbe\xf8\xdf\x8a\x43\x67\xf8\x51\xae\xc6\x8a\xef\x4e\x93\x9c\x7c\x19\x37\xbc\x0c\xcb\x02\xd3\x75\x7c\xe2\x19\x5b\x87\x48\xd9\x84\x8d\xcf\xf0\xe9\x1b\x6c\x5c\x0f\xb7\xef\x1d\xf8\x88\x5f\x60\x71\x8e\x06\x3c\xdc\xa0\x87\x8e\x89\x3e\x17\xb4\x6d\xe2\x3a\x50\x3f\x8f\x69\xf8\xa6\x61\xa1\x7a\xd3\x4b\xf1\xe2\x9b\x8e\xa3\x37\x8c\x2d\x62\x29\xdf\x66\x7f\x74\x6b\x83\x2a\x6c\xd6\x0b\x92\x23\x57\xd5\x71\x96\x52\xa6\x50\xc5\xcb\x93\xc1\x49\x62\xda\x10\xcb\x34\xd1\xe8\x41\xb5\xde\xeb\x60\xd4\x82\xa6\x10\xfc\x80\x4c\x4a\x38\xa8\xa9\x29\x3f\xa4\x7e\xee\x7b\x4a\xa0\x99\x74\xbd\xb8\x94\xb3\xdd\x0d\x77\x54\x9a\x6f\x42\x46\x7e\x26\x2d\x3b\xed\x28\xe0\x72\x41\xbb\x2f\x92\xca\xbf\x3e\x1d\x8b\x38\x2a\x69\xc2\xcf\xb7\x7e\x2d\x09\x3d\x88\xaa\x6b\x3e\xab\x36\x8c\xd7\xd7\x3c\xd0\xe7\xac\x21\x9b\x67\x55\x3e\xea\xbf\x94\x86\x94\xd2\x70\x6a\x02\xec\xab\xf6\xeb\xc9\x80\x6a\x9f\xce\x16\xd5\xd9\x04\xd3\x47\x67\xea\xdc\x36\x6e\x71\x29\xf1\x28\x08\xad\xaf\xc3\xe6\x4a\x15\xd3\x55\xa0\x5e\xc8\xdd\x0b\xd2\x53\xbf\x36\xf9\x9b\x65\xf5\x0f\x92\x1b\xff\x56\x97\x37\xb3\xce\xf9\xf4\xfb\x99\x40\xde\xda\x9f\x7c\xed\x8f\x6d\x2b\xff\xc9\x34\xb6\xf2\x97\xcf\xc8\x31\x6b\xf9\x88\xcd\x99\xeb\x5b\x61\x75\x56\x6b\x5c\x25\xc6\x6d\x95\xd1\x68\x27\x1d\x86\xb2\x2e\xc5\x02\xcb\xf5\xae\xa6\xb0\x57\x4c\xf1\x80\x7e\xdc\x28\xd3\x8a\x9e\x27\x60\xd9\xa9\xda\xdf\x01\x00\x00\xff\xff\xaa\x4f\x07\x54\x2d\x13\x00\x00") +var _migrationsSqlPostgres7Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x58\x4b\x8f\xea\x36\x14\xde\x23\xf1\x1f\xce\x6e\x18\x75\xa0\x6a\xb7\x57\x5d\x70\xc1\xd3\x3b\x2a\x17\x46\x10\xd4\x76\x85\x4c\x72\x20\x56\x8d\x4d\x63\x87\xe9\xfc\xfb\xca\x89\xf3\x20\x81\xbc\x60\xe6\x6e\xb2\x88\xed\xf3\xf8\xfc\x9d\x87\xcf\x70\x08\x3f\x1d\xd8\x3e\xa0\x1a\x61\x7d\xec\xf7\xfa\xbd\xe1\x10\x1c\x9f\x29\x70\xa9\x80\x2d\x82\x08\x39\x87\x37\x1f\x05\x08\x09\xc7\x00\x4f\x4c\x86\x0a\xb8\xdc\x33\x01\x0a\x95\x62\x52\x00\xfe\xc7\x94\x56\x4f\xa0\x24\x70\xd4\x0f\x0a\x02\x3c\xc8\x13\x82\x87\x3b\x1a\x72\xdd\xef\x8d\x67\x0e\x59\x82\x33\xfe\x3a\x23\xe0\xbf\x7b\x01\xdd\x48\x1a\x6a\xff\xd7\x8d\xf9\xa2\xd0\xcc\xa5\x9a\x49\xb1\x09\xf0\xdf\x10\x95\x86\x78\xff\x64\x31\x5b\x7f\x9f\xc7\xba\x36\x56\xd7\x86\x79\x30\x5d\x2e\x5e\x61\x4a\x9e\xc7\xeb\x99\xf3\xe5\x26\x93\x41\x06\xc0\x76\xa0\x7d\xaa\xd3\x15\x9f\x2a\xd8\x22\x0a\xeb\x84\xd7\xc5\x2d\x57\x0a\x85\x42\xdf\xdd\x1f\xed\xa3\x3d\xee\xfa\x94\x73\x14\x7b\x84\x37\xaa\xc0\x43\x8e\x1a\x3d\x18\x28\x5f\x86\xdc\x03\x21\xb5\xfd\x17\x1d\xb1\xe6\x00\xd3\x0a\xf9\xee\xf1\x36\xc3\x33\xcd\x97\xec\x9e\x58\x55\x56\x80\x8a\xb1\x3d\x4a\x26\x34\x68\x09\x54\x00\x1e\x8e\xfa\x3d\x02\x5e\x9c\x28\x67\x9e\xbd\x98\x44\xa3\xf5\x40\xa1\x36\xa6\xb3\xa0\xa4\x55\x4b\x98\xaf\x67\xb3\x7e\x6f\xfd\x3a\x1d\x3b\x35\xf6\xaf\x88\x53\x12\xf0\x5b\x74\x1e\xfe\xfc\x46\x96\x04\xe6\x0b\x07\xc8\x5f\x2f\x2b\x67\x05\x83\x7e\x0f\x60\x45\x66\x64\xe2\xc0\x2f\xf0\xbc\x5c\x7c\x6f\xc4\xd5\x58\x4e\x95\x15\xa3\xb2\x05\x0d\x04\x8f\xd2\xfd\xfd\xde\xe3\xcd\xf0\x26\xec\xbe\x02\x6f\x8e\x8d\x1d\xf1\xcd\x49\xb8\x13\xc0\x89\xc9\x8d\x01\x3e\x33\xa1\x81\xe4\x11\xf3\x72\xd0\xce\xf2\x34\x2c\x01\x5b\x80\x31\x5a\x15\x12\xb8\x14\x7b\x0c\x92\x6c\x32\x90\x41\x14\x8e\x02\x4f\x18\x44\x18\xb3\x38\x66\x77\x2c\x50\x1a\x8e\x9c\xba\xf8\x78\x7e\x05\x54\x57\x03\x7e\x85\x74\x3f\x08\xf7\x2b\x4c\xbd\x1b\xfc\x4f\x49\xaa\x7a\x02\xb9\xdd\x85\xca\xa5\x26\xab\xd9\xfd\xe5\x3b\x71\x39\x33\xc1\xf0\xe6\x33\xd7\x2f\xdf\xc6\x21\x54\xda\xa4\x4f\x9b\x1c\xfb\xbd\x29\x99\x11\x87\xb4\x8d\xec\x3c\x90\x97\x40\xb4\x46\x34\x47\x2b\x3e\x90\x87\x29\xfe\x33\x62\x9e\x41\xe3\xaa\x95\xc5\xd8\xbb\xd5\xbc\x62\x10\x75\xb5\x2b\xbb\xa9\x6a\x26\x75\xb7\xb4\x56\x43\x9d\xed\x11\xc3\xbe\x51\xe1\x71\x4c\x12\x22\x15\x5e\x5a\x17\xd3\xa0\x8f\x99\x94\x67\x58\xbc\xe3\xe7\xf3\x1a\x75\x39\xfa\x9b\xf3\xad\x80\xfc\xc6\xb7\x96\x35\xc3\xa9\x92\x0e\x4d\xf4\x8c\xae\x56\xa2\x12\x25\x92\x8d\x95\x04\xb8\xcc\xf3\x0f\xf3\xaa\x5a\x5d\x47\xe7\x22\x86\x8c\x5d\x1d\x52\x0e\x4c\x78\xcc\x45\x65\x7e\x9a\x3c\x9b\xe4\xb5\x00\x8f\x3c\x55\x2a\xb9\x91\x6f\x7f\x15\x19\x96\xf0\xca\x70\xec\xdc\xda\x8c\x6a\x11\x5b\x5c\xaa\x5c\xea\x25\x94\x49\x7b\x3c\x16\xc0\x91\x06\x46\xc2\xc0\x54\x8f\x04\x0b\xdb\xbe\x01\x4b\x3a\x51\xaf\x79\x27\x97\xde\xc6\x78\x3a\x85\xc9\x62\xbe\x72\x96\xe3\x97\xb9\xd3\xe8\x4c\xd6\xb9\x6c\x76\xff\xc0\xf3\x62\x49\x5e\x7e\x9f\xc3\x1f\xe4\x6f\x18\x64\x18\xc2\x92\x3c\x93\x25\x99\x4f\xc8\xaa\x52\x68\xfe\xc8\x62\x0e\x96\x54\x93\xf1\x6a\x32\x9e\x92\x2f\xad\x9f\x0a\x8d\xfc\xaa\x3e\x7a\x9b\x7b\x97\x65\xd7\x79\x59\x57\xf2\x0a\xb9\x24\xeb\xfe\x63\xad\x49\xe5\x63\xe6\xa9\xc2\xc4\x3e\xcb\x39\xcd\x3b\xfb\x16\x3c\x48\xb3\x6b\x19\xa0\x64\xe5\x02\x40\xf1\xda\xc0\xac\xdd\xe1\xa2\xbb\x5c\xf0\xe7\xda\x5d\x5f\x07\xab\x5c\xa8\x3d\xfd\x31\xde\x44\x44\x7c\xd9\x95\x1a\xdc\x2c\xc7\x3c\x45\xbc\xa3\x4a\x49\x97\x45\xdc\xe4\xe7\x8d\x72\x42\xd5\xf3\x5c\x56\x45\xc5\xfb\x5d\x70\xb1\xf1\x2c\x21\x53\xdc\xd0\x38\x8e\xed\x91\x6a\xdc\xbe\x86\x1a\x58\x15\x76\x67\xaf\xef\xe2\x0b\x97\x1d\x8e\xfc\x3d\x7e\x25\xe4\x1e\x01\x1f\x12\xc0\x9f\x8d\x93\x29\x9b\xc6\x9d\x94\x60\xa9\xd7\x94\x2b\x69\xd8\x12\xbd\x7e\x64\x3c\xda\x88\x26\x30\x58\x98\x03\xb0\xdc\x54\x63\x8b\x2e\x0d\x55\x86\xa4\x27\x51\x45\x33\x0e\x97\x06\x08\x74\x2b\xc3\xb8\x27\x6b\x35\xd9\x68\x0d\xdf\xf5\x32\x51\x58\xbf\x4f\xb1\x38\xc3\xb0\xa6\x0f\x29\x0c\x61\xd2\x89\xde\x54\xbe\x89\x0e\x3d\x42\x34\xd8\xb9\xa5\x49\xb8\xa1\x8e\x57\xea\x6e\x51\xc8\x23\x2c\x1a\xb3\xa1\x95\xc7\xf9\x44\xdc\xa1\x90\x75\xf1\xb0\xa9\xca\xfa\x1a\x54\xa9\xbd\x5d\x11\xfa\x40\x88\x2f\x24\xac\x4f\x42\xba\xa5\xe6\x3b\x78\x59\x62\xed\x70\x08\x4b\x3c\x61\xa0\x93\x49\xb3\xba\xf7\x04\xdd\xa4\x13\x9b\x33\xe0\xe1\xa1\x8d\x7f\x9f\x28\x37\x7b\xc8\x15\xc4\xfe\x1f\x00\x00\xff\xff\xbf\x92\xf0\xd7\xb4\x18\x00\x00") func migrationsSqlPostgres7SqlBytes() ([]byte, error) { return bindataRead( @@ -362,7 +362,7 @@ func migrationsSqlPostgres7Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/postgres/7.sql", size: 4909, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/postgres/7.sql", size: 6324, mode: os.FileMode(438), modTime: time.Unix(1542626922, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -402,7 +402,7 @@ func migrationsSqlTests1_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/1_test.sql", size: 2061, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/1_test.sql", size: 2061, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -422,7 +422,7 @@ func migrationsSqlTests2_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/2_test.sql", size: 2295, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/2_test.sql", size: 2295, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -442,7 +442,7 @@ func migrationsSqlTests3_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/3_test.sql", size: 2407, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/3_test.sql", size: 2407, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -462,7 +462,7 @@ func migrationsSqlTests4_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/4_test.sql", size: 2501, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/4_test.sql", size: 2501, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -482,7 +482,7 @@ func migrationsSqlTests5_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/5_test.sql", size: 2501, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/5_test.sql", size: 2501, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -502,7 +502,7 @@ func migrationsSqlTests6_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/6_test.sql", size: 5639, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/6_test.sql", size: 5639, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -522,7 +522,7 @@ func migrationsSqlTests7_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/7_test.sql", size: 2515, mode: os.FileMode(438), modTime: time.Unix(1542578026, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/7_test.sql", size: 2515, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/jwk/sql_migration_files.go b/jwk/sql_migration_files.go index 950bd1853b1..7c22cffc58a 100644 --- a/jwk/sql_migration_files.go +++ b/jwk/sql_migration_files.go @@ -170,7 +170,7 @@ func migrationsSqlPostgres4Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/postgres/4.sql", size: 407, mode: os.FileMode(438), modTime: time.Unix(1542578059, 0)} + info := bindataFileInfo{name: "migrations/sql/postgres/4.sql", size: 407, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/oauth2/fosite_store_helpers_test.go b/oauth2/fosite_store_helpers_test.go index 2eb64faf0f0..fbe48772e65 100644 --- a/oauth2/fosite_store_helpers_test.go +++ b/oauth2/fosite_store_helpers_test.go @@ -225,6 +225,26 @@ func testHelperCreateGetDeleteAuthorizeCodes(x managerTestSetup) func(t *testing } } +func testHelperNilAccessToken(x managerTestSetup) func(t *testing.T) { + return func(t *testing.T) { + m := x.f + c := &client.Client{ClientID: "nil-request-client-id-123"} + require.NoError(t, x.cl.CreateClient(context.Background(), c)) + err := m.CreateAccessTokenSession(context.TODO(), "nil-request-id", &fosite.Request{ + ID: "", + RequestedAt: time.Now().UTC().Round(time.Second), + Client: c, + RequestedScope: fosite.Arguments{"fa", "ba"}, + GrantedScope: fosite.Arguments{"fa", "ba"}, + RequestedAudience: fosite.Arguments{"ad1", "ad2"}, + GrantedAudience: fosite.Arguments{"ad1", "ad2"}, + Form: url.Values{"foo": []string{"bar", "baz"}}, + Session: &fosite.DefaultSession{Subject: "bar"}, + }) + require.NoError(t, err) + } +} + func testHelperCreateGetDeleteAccessTokenSession(x managerTestSetup) func(t *testing.T) { return func(t *testing.T) { m := x.f diff --git a/oauth2/fosite_store_sql.go b/oauth2/fosite_store_sql.go index 5c4e4901954..03ae875c48c 100644 --- a/oauth2/fosite_store_sql.go +++ b/oauth2/fosite_store_sql.go @@ -100,19 +100,19 @@ var sqlParams = []string{ } type sqlData struct { - PK int `db:"pk"` - Signature string `db:"signature"` - Request string `db:"request_id"` - RequestedAt time.Time `db:"requested_at"` - Client string `db:"client_id"` - Scopes string `db:"scope"` - GrantedScope string `db:"granted_scope"` - RequestedAudience string `db:"requested_audience"` - GrantedAudience string `db:"granted_audience"` - Form string `db:"form_data"` - Subject string `db:"subject"` - Active bool `db:"active"` - Session []byte `db:"session_data"` + PK int `db:"pk"` + Signature string `db:"signature"` + Request sql.NullString `db:"request_id"` + RequestedAt time.Time `db:"requested_at"` + Client string `db:"client_id"` + Scopes string `db:"scope"` + GrantedScope string `db:"granted_scope"` + RequestedAudience string `db:"requested_audience"` + GrantedAudience string `db:"granted_audience"` + Form string `db:"form_data"` + Subject string `db:"subject"` + Active bool `db:"active"` + Session []byte `db:"session_data"` } func sqlSchemaFromRequest(signature string, r fosite.Requester, logger logrus.FieldLogger) (*sqlData, error) { @@ -128,8 +128,18 @@ func sqlSchemaFromRequest(signature string, r fosite.Requester, logger logrus.Fi return nil, errors.WithStack(err) } + rr, ok := r.(*fosite.Request) + if !ok { + return nil, errors.Errorf("Expected request to be of type *fosite.Request, but got: %T", r) + } + + var rid sql.NullString + if len(rr.ID) > 0 { + rid = sql.NullString{Valid: true, String: rr.ID} + } + return &sqlData{ - Request: r.GetID(), + Request: rid, Signature: signature, RequestedAt: r.GetRequestedAt(), Client: r.GetClient().GetID(), @@ -164,7 +174,7 @@ func (s *sqlData) toRequest(session fosite.Session, cm client.Manager, logger lo } r := &fosite.Request{ - ID: s.Request, + ID: s.Request.String, RequestedAt: s.RequestedAt, Client: c, RequestedScope: fosite.Arguments(stringsx.Splitx(s.Scopes, "|")), @@ -194,6 +204,8 @@ func (s *FositeSQLStore) createSession(ctx context.Context, signature string, re return err } + fmt.Printf("\ndata: %+v\n", data) + query := fmt.Sprintf( "INSERT INTO hydra_oauth2_%s (%s) VALUES (%s)", table, diff --git a/oauth2/fosite_store_test.go b/oauth2/fosite_store_test.go index 8426aaae1e8..eb4553ae418 100644 --- a/oauth2/fosite_store_test.go +++ b/oauth2/fosite_store_test.go @@ -147,6 +147,7 @@ func TestManagers(t *testing.T) { } t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteAuthorizeCodes/db=%s", k), testHelperCreateGetDeleteAuthorizeCodes(store)) t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteAccessTokenSession/db=%s", k), testHelperCreateGetDeleteAccessTokenSession(store)) + t.Run(fmt.Sprintf("case=testHelperNilAccessToken/db=%s", k), testHelperNilAccessToken(store)) t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteOpenIDConnectSession/db=%s", k), testHelperCreateGetDeleteOpenIDConnectSession(store)) t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteRefreshTokenSession/db=%s", k), testHelperCreateGetDeleteRefreshTokenSession(store)) t.Run(fmt.Sprintf("case=testHelperRevokeRefreshToken/db=%s", k), testHelperRevokeRefreshToken(store)) diff --git a/oauth2/migrations/sql/mysql/8.sql b/oauth2/migrations/sql/mysql/8.sql index c9fa71b3486..e11e5daa49c 100644 --- a/oauth2/migrations/sql/mysql/8.sql +++ b/oauth2/migrations/sql/mysql/8.sql @@ -1,53 +1,90 @@ -- +migrate Up + +-- First we need to delete all rows that point to a non-existing oauth2 client. DELETE FROM hydra_oauth2_access WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_access.client_id = hydra_client.id); DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_refresh.client_id = hydra_client.id); DELETE FROM hydra_oauth2_code WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_code.client_id = hydra_client.id); DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_oidc.client_id = hydra_client.id); DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_pkce.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_access WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_access.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_refresh.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_code WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_code.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_oidc.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_pkce.request_id = hydra_oauth2_consent_request_handled.challenge); - -DELETE FROM hydra_oauth2_access WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_refresh WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_code WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_oidc WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_pkce WHERE LENGTH(request_id) > 40 OR request_id = ''; - -ALTER TABLE hydra_oauth2_access MODIFY request_id varchar(40) NOT NULL; -ALTER TABLE hydra_oauth2_refresh MODIFY request_id varchar(40) NOT NULL; -ALTER TABLE hydra_oauth2_code MODIFY request_id varchar(40) NOT NULL; -ALTER TABLE hydra_oauth2_oidc MODIFY request_id varchar(40) NOT NULL; -ALTER TABLE hydra_oauth2_pkce MODIFY request_id varchar(40) NOT NULL; - --- we also want to remove all columns that have a client id with more then 255 chars + +-- request_id is a 40 varchar in the referenced table which is why we are resizing +-- 1. We must remove request_ids longer than 40 chars. This should never happen as we've never issued them longer than this +DELETE FROM hydra_oauth2_access WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_refresh WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_code WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_oidc WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_pkce WHERE LENGTH(request_id) > 40; + +ALTER TABLE hydra_oauth2_access MODIFY request_id varchar(40) NULL; +ALTER TABLE hydra_oauth2_refresh MODIFY request_id varchar(40) NULL; +ALTER TABLE hydra_oauth2_code MODIFY request_id varchar(40) NULL; +ALTER TABLE hydra_oauth2_oidc MODIFY request_id varchar(40) NULL; +ALTER TABLE hydra_oauth2_pkce MODIFY request_id varchar(40) NULL; + +-- 3. We must also drop the NOT NULL and default values as request_id can be set to NULL, for example in +-- oauth2 client credentials grant. +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id DROP DEFAULT; + +-- 4. And lastly, we must set it to NULL where the request_id is an empty string +UPDATE hydra_oauth2_access SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_refresh SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_code SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_oidc SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_pkce SET request_id = NULL WHERE LENGTH(request_id) = 0; + +-- 5. Now we can delete all request_id's that are set but do not point to an existing challenge. We also must include +-- request_ids which are set to NULL +DELETE FROM hydra_oauth2_access WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_access.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_access.request_id = NULL +); +DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_refresh.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_refresh.request_id = NULL +); +DELETE FROM hydra_oauth2_code WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_code.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_code.request_id = NULL +); +DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_oidc.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_oidc.request_id = NULL +); +DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_pkce.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_pkce.request_id = NULL +); + +-- In preparation for creating the client_id index and foreign key, we must set it to varchar(255) which is also +-- the length of hydra_client.id DELETE FROM hydra_oauth2_access WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_refresh WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_code WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_oidc WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_pkce WHERE LENGTH(client_id) > 255; - ALTER TABLE hydra_oauth2_access MODIFY client_id varchar(255) NOT NULL; ALTER TABLE hydra_oauth2_refresh MODIFY client_id varchar(255) NOT NULL; ALTER TABLE hydra_oauth2_code MODIFY client_id varchar(255) NOT NULL; ALTER TABLE hydra_oauth2_oidc MODIFY client_id varchar(255) NOT NULL; ALTER TABLE hydra_oauth2_pkce MODIFY client_id varchar(255) NOT NULL; +-- Now it's time to create the index for client_id CREATE INDEX hydra_oauth2_access_client_id_idx ON hydra_oauth2_access (client_id); CREATE INDEX hydra_oauth2_refresh_client_id_idx ON hydra_oauth2_refresh (client_id); CREATE INDEX hydra_oauth2_code_client_id_idx ON hydra_oauth2_code (client_id); CREATE INDEX hydra_oauth2_oidc_client_id_idx ON hydra_oauth2_oidc (client_id); CREATE INDEX hydra_oauth2_pkce_client_id_idx ON hydra_oauth2_pkce (client_id); +-- Foreign keys start here + +-- This creates a foreign key that cascade delete's if the client_id is removed. ALTER TABLE hydra_oauth2_access ADD CONSTRAINT hydra_oauth2_access_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_refresh ADD CONSTRAINT hydra_oauth2_refresh_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_code ADD CONSTRAINT hydra_oauth2_code_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_oidc ADD CONSTRAINT hydra_oauth2_oidc_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_pkce ADD CONSTRAINT hydra_oauth2_pkce_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; +-- This creates a foreign key that cascade delete's if the consent associated with this is removed. ALTER TABLE hydra_oauth2_access ADD CONSTRAINT hydra_oauth2_access_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_refresh ADD CONSTRAINT hydra_oauth2_refresh_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_code ADD CONSTRAINT hydra_oauth2_code_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; @@ -55,24 +92,29 @@ ALTER TABLE hydra_oauth2_oidc ADD CONSTRAINT hydra_oauth2_oidc_request_id_fk FOR ALTER TABLE hydra_oauth2_pkce ADD CONSTRAINT hydra_oauth2_pkce_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; -- +migrate Down + +-- Drops the client_id foreign key ALTER TABLE hydra_oauth2_access DROP FOREIGN KEY hydra_oauth2_access_client_id_fk; ALTER TABLE hydra_oauth2_refresh DROP FOREIGN KEY hydra_oauth2_refresh_client_id_fk; ALTER TABLE hydra_oauth2_code DROP FOREIGN KEY hydra_oauth2_code_client_id_fk; ALTER TABLE hydra_oauth2_oidc DROP FOREIGN KEY hydra_oauth2_oidc_client_id_fk; ALTER TABLE hydra_oauth2_pkce DROP FOREIGN KEY hydra_oauth2_pkce_client_id_fk; +-- Drops the challenge/request_id foreign key ALTER TABLE hydra_oauth2_access DROP FOREIGN KEY hydra_oauth2_access_request_id_fk; ALTER TABLE hydra_oauth2_refresh DROP FOREIGN KEY hydra_oauth2_refresh_request_id_fk; ALTER TABLE hydra_oauth2_code DROP FOREIGN KEY hydra_oauth2_code_request_id_fk; ALTER TABLE hydra_oauth2_oidc DROP FOREIGN KEY hydra_oauth2_oidc_request_id_fk; ALTER TABLE hydra_oauth2_pkce DROP FOREIGN KEY hydra_oauth2_pkce_request_id_fk; +-- Drops the index for client_id DROP INDEX hydra_oauth2_access_client_id_idx ON hydra_oauth2_access; DROP INDEX hydra_oauth2_refresh_client_id_idx ON hydra_oauth2_refresh; DROP INDEX hydra_oauth2_code_client_id_idx ON hydra_oauth2_code; DROP INDEX hydra_oauth2_oidc_client_id_idx ON hydra_oauth2_oidc; DROP INDEX hydra_oauth2_pkce_client_id_idx ON hydra_oauth2_pkce; +-- request_id was set to varchar(40) NULL (without default) - let's revert that ALTER TABLE hydra_oauth2_access MODIFY request_id varchar(255) NOT NULL; ALTER TABLE hydra_oauth2_refresh MODIFY request_id varchar(255) NOT NULL; ALTER TABLE hydra_oauth2_code MODIFY request_id varchar(255) NOT NULL; diff --git a/oauth2/migrations/sql/postgres/7.sql b/oauth2/migrations/sql/postgres/7.sql index 87553bfdca3..17f82d769e7 100644 --- a/oauth2/migrations/sql/postgres/7.sql +++ b/oauth2/migrations/sql/postgres/7.sql @@ -29,4 +29,3 @@ ALTER TABLE hydra_oauth2_oidc DROP COLUMN granted_audience; ALTER TABLE hydra_oauth2_pkce DROP COLUMN requested_audience; ALTER TABLE hydra_oauth2_pkce DROP COLUMN granted_audience; - diff --git a/oauth2/migrations/sql/postgres/8.sql b/oauth2/migrations/sql/postgres/8.sql index c076790ffaf..3d9a8195771 100644 --- a/oauth2/migrations/sql/postgres/8.sql +++ b/oauth2/migrations/sql/postgres/8.sql @@ -1,63 +1,98 @@ -- +migrate Up + +-- First we need to delete all rows that point to a non-existing oauth2 client. DELETE FROM hydra_oauth2_access WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_access.client_id = hydra_client.id); DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_refresh.client_id = hydra_client.id); DELETE FROM hydra_oauth2_code WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_code.client_id = hydra_client.id); DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_oidc.client_id = hydra_client.id); DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS (SELECT 1 FROM hydra_client WHERE hydra_oauth2_pkce.client_id = hydra_client.id); -DELETE FROM hydra_oauth2_access WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_access.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_refresh.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_code WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_code.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_oidc.request_id = hydra_oauth2_consent_request_handled.challenge); -DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS (SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_pkce.request_id = hydra_oauth2_consent_request_handled.challenge); --- we also want to remove all columns that have more than 40 char lengths as we're resizing in the next step -DELETE FROM hydra_oauth2_access WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_refresh WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_code WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_oidc WHERE LENGTH(request_id) > 40 OR request_id = ''; -DELETE FROM hydra_oauth2_pkce WHERE LENGTH(request_id) > 40 OR request_id = ''; +-- request_id is a 40 varchar in the referenced table which is why we are resizing +-- 1. We must remove request_ids longer than 40 chars. This should never happen as we've never issued them longer than this +DELETE FROM hydra_oauth2_access WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_refresh WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_code WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_oidc WHERE LENGTH(request_id) > 40; +DELETE FROM hydra_oauth2_pkce WHERE LENGTH(request_id) > 40; --- request_id is a 40 varchar in the refrerenced table +-- 2. Next we're actually resizing ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id TYPE varchar(40); ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id TYPE varchar(40); ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id TYPE varchar(40); ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id TYPE varchar(40); ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id TYPE varchar(40); --- we also want to remove all columns that have a client id with more then 255 chars +-- 3. We must also drop the NOT NULL and default values as request_id can be set to NULL, for example in +-- oauth2 client credentials grant. +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id DROP NOT NULL; +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id DROP DEFAULT; +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id DROP DEFAULT; + +-- 4. And lastly, we must set it to NULL where the request_id is an empty string +UPDATE hydra_oauth2_access SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_refresh SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_code SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_oidc SET request_id = NULL WHERE LENGTH(request_id) = 0; +UPDATE hydra_oauth2_pkce SET request_id = NULL WHERE LENGTH(request_id) = 0; + +-- 5. Now we can delete all request_id's that are set but do not point to an existing challenge. We also must include +-- request_ids which are set to NULL +DELETE FROM hydra_oauth2_access WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_access.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_access.request_id = NULL +); +DELETE FROM hydra_oauth2_refresh WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_refresh.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_refresh.request_id = NULL +); +DELETE FROM hydra_oauth2_code WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_code.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_code.request_id = NULL +); +DELETE FROM hydra_oauth2_oidc WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_oidc.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_oidc.request_id = NULL +); +DELETE FROM hydra_oauth2_pkce WHERE NOT EXISTS ( + SELECT 1 FROM hydra_oauth2_consent_request_handled WHERE hydra_oauth2_pkce.request_id = hydra_oauth2_consent_request_handled.challenge OR hydra_oauth2_pkce.request_id = NULL +); + +-- In preparation for creating the client_id index and foreign key, we must set it to varchar(255) which is also +-- the length of hydra_client.id DELETE FROM hydra_oauth2_access WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_refresh WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_code WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_oidc WHERE LENGTH(client_id) > 255; DELETE FROM hydra_oauth2_pkce WHERE LENGTH(client_id) > 255; - -ALTER TABLE hydra_oauth2_access ALTER COLUMN client_id TYPE varchar(255); -ALTER TABLE hydra_oauth2_refresh ALTER COLUMN client_id TYPE varchar(255); -ALTER TABLE hydra_oauth2_code ALTER COLUMN client_id TYPE varchar(255); -ALTER TABLE hydra_oauth2_oidc ALTER COLUMN client_id TYPE varchar(255); -ALTER TABLE hydra_oauth2_pkce ALTER COLUMN client_id TYPE varchar(255); - ALTER TABLE hydra_oauth2_access ALTER COLUMN client_id TYPE varchar(255); ALTER TABLE hydra_oauth2_refresh ALTER COLUMN client_id TYPE varchar(255); ALTER TABLE hydra_oauth2_code ALTER COLUMN client_id TYPE varchar(255); ALTER TABLE hydra_oauth2_oidc ALTER COLUMN client_id TYPE varchar(255); ALTER TABLE hydra_oauth2_pkce ALTER COLUMN client_id TYPE varchar(255); +-- Now it's time to create the index for client_id CREATE INDEX hydra_oauth2_access_client_id_idx ON hydra_oauth2_access (client_id); CREATE INDEX hydra_oauth2_refresh_client_id_idx ON hydra_oauth2_refresh (client_id); CREATE INDEX hydra_oauth2_code_client_id_idx ON hydra_oauth2_code (client_id); CREATE INDEX hydra_oauth2_oidc_client_id_idx ON hydra_oauth2_oidc (client_id); CREATE INDEX hydra_oauth2_pkce_client_id_idx ON hydra_oauth2_pkce (client_id); +-- Foreign keys start here + SET session_replication_role = replica; +-- This creates a foreign key that cascade delete's if the client_id is removed. ALTER TABLE hydra_oauth2_access ADD CONSTRAINT hydra_oauth2_access_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_refresh ADD CONSTRAINT hydra_oauth2_refresh_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_code ADD CONSTRAINT hydra_oauth2_code_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_oidc ADD CONSTRAINT hydra_oauth2_oidc_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_pkce ADD CONSTRAINT hydra_oauth2_pkce_client_id_fk FOREIGN KEY (client_id) REFERENCES hydra_client(id) ON DELETE CASCADE; +-- This creates a foreign key that cascade delete's if the consent associated with this is removed. ALTER TABLE hydra_oauth2_access ADD CONSTRAINT hydra_oauth2_access_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_refresh ADD CONSTRAINT hydra_oauth2_refresh_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; ALTER TABLE hydra_oauth2_code ADD CONSTRAINT hydra_oauth2_code_request_id_fk FOREIGN KEY (request_id) REFERENCES hydra_oauth2_consent_request_handled(challenge) ON DELETE CASCADE; @@ -67,24 +102,42 @@ ALTER TABLE hydra_oauth2_pkce ADD CONSTRAINT hydra_oauth2_pkce_request_id_fk FOR SET session_replication_role = DEFAULT; -- +migrate Down + +-- Drops the client_id foreign key ALTER TABLE hydra_oauth2_access DROP CONSTRAINT hydra_oauth2_access_client_id_fk; ALTER TABLE hydra_oauth2_refresh DROP CONSTRAINT hydra_oauth2_refresh_client_id_fk; ALTER TABLE hydra_oauth2_code DROP CONSTRAINT hydra_oauth2_code_client_id_fk; ALTER TABLE hydra_oauth2_oidc DROP CONSTRAINT hydra_oauth2_oidc_client_id_fk; ALTER TABLE hydra_oauth2_pkce DROP CONSTRAINT hydra_oauth2_pkce_client_id_fk; +-- Drops the challenge/request_id foreign key ALTER TABLE hydra_oauth2_access DROP CONSTRAINT hydra_oauth2_access_request_id_fk; ALTER TABLE hydra_oauth2_refresh DROP CONSTRAINT hydra_oauth2_refresh_request_id_fk; ALTER TABLE hydra_oauth2_code DROP CONSTRAINT hydra_oauth2_code_request_id_fk; ALTER TABLE hydra_oauth2_oidc DROP CONSTRAINT hydra_oauth2_oidc_request_id_fk; ALTER TABLE hydra_oauth2_pkce DROP CONSTRAINT hydra_oauth2_pkce_request_id_fk; +-- Drops the index for client_id +DROP INDEX hydra_oauth2_access_client_id_idx; +DROP INDEX hydra_oauth2_refresh_client_id_idx; +DROP INDEX hydra_oauth2_code_client_id_idx; +DROP INDEX hydra_oauth2_oidc_client_id_idx; +DROP INDEX hydra_oauth2_pkce_client_id_idx; + +-- request_id was set to varchar(40) NULL (without default) - let's revert that ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id TYPE varchar(255); ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id TYPE varchar(255); ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id TYPE varchar(255); ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id TYPE varchar(255); ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id TYPE varchar(255); +ALTER TABLE hydra_oauth2_access ALTER COLUMN request_id SET NOT NULL; +ALTER TABLE hydra_oauth2_refresh ALTER COLUMN request_id SET NOT NULL; +ALTER TABLE hydra_oauth2_code ALTER COLUMN request_id SET NOT NULL; +ALTER TABLE hydra_oauth2_oidc ALTER COLUMN request_id SET NOT NULL; +ALTER TABLE hydra_oauth2_pkce ALTER COLUMN request_id SET NOT NULL; + +-- client_id was set to varchar(255), let's revert that. ALTER TABLE hydra_oauth2_access ALTER COLUMN client_id TYPE TEXT; ALTER TABLE hydra_oauth2_refresh ALTER COLUMN client_id TYPE TEXT; ALTER TABLE hydra_oauth2_code ALTER COLUMN client_id TYPE TEXT; diff --git a/oauth2/sql_migration_files.go b/oauth2/sql_migration_files.go index 9890225cee3..5a84f4c1cfc 100644 --- a/oauth2/sql_migration_files.go +++ b/oauth2/sql_migration_files.go @@ -103,7 +103,7 @@ func migrationsSqlShared1Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/shared/1.sql", size: 1542, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/shared/1.sql", size: 1542, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -248,7 +248,7 @@ func migrationsSqlMysql7Sql() (*asset, error) { return a, nil } -var _migrationsSqlMysql8Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x98\x5f\x6f\x9b\x30\x14\xc5\xdf\xf3\x29\xee\x5b\x53\x4d\xa9\xba\xa8\x79\x8a\x36\x89\x05\xa7\x8d\x46\x61\x22\x54\x6b\x9f\x22\x04\x6e\x41\x25\xd0\x01\x6d\xb6\x6f\x3f\xe1\x25\x8d\x09\x7f\x7c\x8d\x49\x97\xd7\x84\xfb\xf3\x91\xef\x39\xf8\x9a\xd1\x08\x3e\xad\xc3\xa7\xd4\xcd\x29\xdc\xbd\x0c\x74\x62\x10\x87\xc0\xdc\xb6\x6e\x21\xf8\xe3\xa7\xee\x2a\x71\x5f\xf3\x60\xbc\x72\x3d\x8f\x66\x19\xfc\xbc\x21\x36\x01\xd3\x72\x80\xdc\x2f\x96\xce\x12\x86\x4b\x62\x90\x99\x03\x9f\xf9\x1a\x2f\x0a\x69\x9c\x6f\x1f\xae\xc1\x5c\xfc\x7b\x60\x15\xfa\xf0\xa5\x54\x72\x11\xfa\xe7\xd3\x66\x11\x29\x7d\x4c\x69\x16\x28\xab\xd8\x72\xba\xca\xf0\x12\x9f\x2a\x6b\x28\x20\x5d\x05\x24\xa1\xef\x29\x0b\x28\x20\x5d\x05\xbc\x3c\x7b\xea\x3b\x50\x40\x04\x02\x7a\xf2\xe3\xfb\x96\xc7\x59\xb1\x58\x4a\x7f\xbd\xd2\x2c\x5f\x05\x6e\xec\x47\xd4\x6f\xf1\xe9\xee\x49\x4e\x5e\x3b\xeb\xc2\x0b\xdc\x28\xa2\xf1\x13\xed\xcf\xc7\xf2\xea\x77\xfe\x3e\x92\x7c\x09\xff\xcb\x6b\x67\xb9\x38\x92\x70\x89\xdc\xc8\x0b\x67\x79\x3a\x92\x70\x89\xbc\xc9\x0b\x67\x39\x54\x13\x8e\xcc\xa9\x41\xcc\x6b\xe7\x66\xb8\x5f\xeb\x1c\xbe\xc2\xd5\x25\x58\x36\x94\xd6\x3f\x3b\x43\x87\xa7\x17\x24\x67\xe8\x5e\x78\x9c\xcf\x7a\xe1\x71\xed\x97\xe1\x0d\x34\xc3\x21\x36\x38\xda\x37\xa3\xf6\xf5\x06\xb7\x96\xbe\x98\x3f\xf0\x85\x6f\x6e\xea\x05\x6e\x3a\xbc\xba\x3c\x67\x4e\x33\xef\x0c\x63\xda\xcc\xd9\xf5\x42\x19\xc4\x3a\xa0\x4c\x61\xfb\xae\x4c\x61\xbb\x8d\xa5\x0c\x46\x23\xd8\x50\x70\xa3\x2c\x81\x8d\x1b\xe7\x90\x27\x90\xd2\x75\xf2\x56\xfc\x16\x81\x97\x44\xaf\xeb\x38\x83\x3c\x70\x73\x08\xdc\xe2\x57\xd8\x9e\x88\xa1\x0f\x9b\x30\x0f\x60\x9d\xa4\x14\xf2\x80\xc6\x30\x9e\x4c\xa0\x58\x22\x93\x8b\xd3\xfb\x11\x5a\x58\x61\x3c\x99\xc8\x66\x47\xa2\xbe\x1a\x14\x89\xe2\x6a\x2a\x24\x8a\xab\x11\xa8\x16\x63\xfd\xbe\x9f\x39\x76\x3d\x1d\x4f\x26\x5d\xfc\xde\x1d\xc4\xfb\xbd\x3b\x85\xf7\x7b\x77\x0a\xef\x77\x21\x65\x30\xb3\x89\xe6\x10\x58\x98\x3a\xb9\xaf\xdb\xe4\xd5\x3b\x62\x15\xfa\xbf\xc1\x32\x6b\x3b\xc1\x75\x6f\xda\x82\xdc\xee\xb7\x80\xb9\xeb\x0a\x12\x5a\xec\xbd\x80\xc8\xda\x83\xc4\x15\x4d\x10\xe0\x58\x9f\x90\xb8\xa2\x1b\x02\x1c\x6b\x58\x09\x27\x74\xbe\xa6\xeb\x30\xb3\xcc\xa5\x63\x6b\x0b\xd3\x11\xf4\xed\xf1\x19\xe6\x96\x4d\x16\xd7\x26\x7c\x27\x0f\xfc\x4a\x60\x93\x39\xb1\x89\x39\x23\xcb\xd2\xb4\x3e\x2c\xfe\xb3\x4c\xd8\xc6\x77\xa6\x2d\x67\x9a\x4e\x10\x41\x6a\xd3\x55\x6d\xfe\x07\x08\x63\x9d\x6f\x53\x75\xe0\x9e\x0f\x90\xc4\xdc\xd3\x26\xe9\xc0\x81\x1f\x20\x89\x39\xb0\x4d\xd2\x81\x8b\xfb\x93\xd4\x87\xd3\xf7\x87\x7a\x45\x18\x3f\x57\x55\x94\xb5\x0f\xc4\xc3\xfd\x40\x7c\xb4\x28\x9c\x96\x72\x5c\x56\x4e\x4b\x33\x2e\x4c\xa7\xa5\x19\x97\xb6\xff\xa2\x79\xc0\x7f\x3f\xd4\x93\x4d\x2c\xcc\xa7\x6e\x5b\x3f\x4a\xea\x44\x67\x11\x22\x3a\xed\xcc\xba\x73\x44\xe4\xea\x76\x62\xe5\x0c\x10\x19\xae\x1d\x57\x79\x7f\x8b\xbc\xd0\x8e\xab\xbc\x7b\x11\x6f\x4d\x54\x57\x4a\x0e\xeb\xad\x2d\x58\x2a\xb6\x2f\x58\x1e\xb6\x31\x58\x1e\xb6\x33\x07\xbc\x01\x2b\x51\x1b\xa7\xa7\x8d\x10\xa9\x01\xba\x19\x83\x1c\x99\x9b\x01\xc8\x21\xb9\x19\x80\x1c\x8b\x95\x3e\x7a\x74\xbc\x05\x2a\x90\x04\x9f\x3d\xba\xdc\x03\x15\x30\x82\x0f\x1f\x87\x37\x41\xe9\xdb\xb6\x43\xee\x1d\xa5\x5b\x36\x16\x50\x7f\xbb\xc6\x56\xd7\xdf\xaa\xb1\xd5\xf5\xb7\xe9\x72\xf5\xdf\x00\x00\x00\xff\xff\x7d\xa0\x28\x87\x75\x1b\x00\x00") +var _migrationsSqlMysql8Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x59\x4f\x73\xda\xc8\x13\xbd\xf3\x29\xfa\x16\xbb\x7e\x81\x9f\x93\xb5\x4f\x54\xb6\x8a\x05\x91\x50\x4b\x44\x0a\xe4\x4a\x72\x72\x4d\xa4\x06\x4d\x45\x8c\xd8\x99\x01\xec\xfd\xf4\x5b\x3d\x92\x40\x20\x81\x06\xa4\xcd\xfa\x0a\xd3\x4f\xdd\x7a\xfd\xe7\xf5\xa8\xdd\x86\xff\x2d\xf9\x42\x32\x8d\xf0\xb8\x6a\xb5\xda\x6d\x18\x72\xa9\x34\x6c\x11\x04\x62\x00\x3a\x86\x00\x23\xd4\x08\x2c\x8a\x40\xc6\x5b\x05\x3a\x64\x1a\x56\x31\x17\x9a\xfe\x65\x20\x62\xd1\xc6\x67\xae\x34\x17\x0b\x88\xd9\x5a\x87\xef\xc1\x8f\x38\x0a\xdd\x69\x0d\x9c\xb1\xe3\x39\x30\x9c\x4e\x3e\x43\xf8\x12\x48\xf6\x94\x1c\x78\x62\xbe\x8f\x4a\xc1\xd7\x4f\xce\xd4\x01\x77\xe2\x81\xf3\x6d\x34\xf3\x66\x70\x33\x73\xc6\x4e\xdf\x83\x77\x79\x9b\x04\x2d\x3d\x5c\x02\xd3\x49\x0e\x3c\xf1\x00\x3e\x1c\x98\x74\x78\x70\xdb\x3d\xed\x84\xc4\xb9\x44\x15\xd6\xf6\x22\xc5\xb9\xd6\x0d\x3f\x0e\xb0\xb6\x0f\x04\x72\xad\x03\x31\x0f\xfc\xda\x0e\x10\xc8\xb5\x0e\xac\x7e\xfa\xf5\xdf\x00\x81\x54\x38\x60\x12\x5c\xe2\x5f\x6b\x54\xe6\x0c\x57\xc0\xe0\xfe\x0e\x36\x4c\xfa\x21\x93\xc0\x05\xe8\x10\x41\xe2\x1c\x25\x0a\x9f\xf2\x9f\xfd\x88\x10\xb6\x21\xf7\x43\x3a\xbd\x0d\x5f\xa8\x34\x98\xa4\x43\x8a\xff\xcd\xc5\x82\x20\xdf\x75\xe0\x2b\xc2\x72\xad\x34\x48\x5c\xc6\x1b\xcc\x3d\x44\x41\x14\x8b\x05\x4a\xaa\x1b\x41\x0f\xa3\x27\xa9\x0e\x78\x21\x57\xa0\xc2\x78\x1d\x05\x20\x70\x83\x12\x42\xb6\x5a\xa1\x00\xa6\x60\x8b\x6f\x36\x98\xfe\xca\x95\x5a\x93\x23\x21\x2e\x0f\x90\x74\xc8\x95\x65\x7d\x8d\x1d\xf7\xa3\xf7\xe9\x66\xef\xd3\x2d\xfc\x0e\xf7\x77\xd6\x95\x71\xb9\x7d\x2e\xa5\x2f\x37\xce\xa5\xe3\xe5\xc6\xb9\x54\x3a\x69\xdc\xea\x8d\x3d\x67\x0a\x5e\xef\x8f\x71\x69\x3f\x81\xcf\x93\xc1\x68\xf8\x3d\x9f\x29\x69\x86\xdc\xdc\xdf\xdd\x82\xfb\x38\x1e\x77\x4f\x63\x64\xef\xae\x16\x88\x79\x81\xb5\x10\xcc\x5b\xac\x85\x60\x5e\xa5\x0d\x02\x95\xc0\x6f\xfb\x12\x60\x91\x8a\x21\x90\xf1\xca\x14\x13\x15\x34\x1d\x03\x26\x02\x08\x70\xce\xd6\x91\x86\x0d\x8b\xd6\xa8\x28\xd5\x73\xc0\x3e\x13\xf0\x03\x41\xa1\x19\x2c\x64\xf3\x16\xe6\xb1\x04\x7c\x66\xcb\x55\x84\xc0\x05\x3d\x08\xe0\x70\xc8\x80\x2f\x31\x40\xa1\x39\x8b\x14\x2c\x24\xa3\xb1\x53\xc5\x6f\xf2\x7f\x7f\x32\x7e\xfc\xec\xe6\x3d\x18\x4c\x27\x5f\x60\xe0\x0c\x7b\x8f\x63\xcf\x82\xe1\x9a\x30\x86\xe3\x9a\x18\x86\xe5\x9a\x18\x86\x67\x3b\x0c\x22\xe0\xbe\x03\x3d\x11\x40\xc4\x94\x8e\x5e\xde\x52\x3b\x34\xac\x13\x6d\x7c\xc7\x1c\x6c\x43\x94\x98\x76\xd3\x83\x7e\x2b\x00\x97\x2b\xfd\x02\x4a\x4b\xea\x9e\x8f\x5f\x06\x3d\xaf\x9c\xa5\x99\xe3\xe5\x8d\x3f\x24\xc0\x27\x6b\xfb\x03\xdc\x75\x4b\xe1\x32\xba\x9a\xc2\x33\xbc\x35\x05\x66\x08\x6c\x0a\xcc\x30\x79\x0d\x18\xf1\xfa\xd0\x01\x37\xde\x12\x9f\x54\x88\x79\xd5\xb7\x3b\xfd\x26\x55\x7f\x34\xff\x88\xef\x1f\x6b\x0d\x41\x0c\x22\xce\x0b\x42\x01\x3b\x35\xe8\x87\x2c\x8a\x50\x2c\xd0\x34\x07\xd3\x17\x4c\xae\x70\xe1\x47\xeb\x00\xd3\x72\xce\xcf\xca\x64\xd2\x66\xf8\x69\x32\x5d\x21\x23\x5b\x00\x65\xea\x61\xc7\xa0\x50\x24\x13\xb2\x27\x87\x4c\x04\x11\x06\x67\x14\xe6\xc1\x0b\xb5\xc1\xea\xec\x62\x87\xc9\xb4\x1a\xd2\x84\x79\x9d\x56\x6d\x2c\xd4\x4c\xc6\x36\x19\x6b\x29\x66\x65\xb0\x27\x14\x71\x63\x91\x1a\xb1\xdc\x64\x98\x45\xc0\xca\x18\x4f\x88\xee\xc6\x62\x34\x7a\xbc\xc9\x18\x8b\x80\x95\x31\x9e\xd0\xf5\x8d\xc5\x68\x24\x7f\x93\x31\x16\x01\xb3\x18\xa9\x57\x8d\x04\xac\x24\xae\x98\x64\x9a\xc7\xc2\x68\x13\x5f\x22\x33\xad\x8e\x26\xdd\x7e\xf9\xe0\x22\xc0\x67\xa3\x78\xe6\xb1\x44\xbe\x10\xf0\x13\x4b\x67\x65\x26\xa6\xde\x3f\x3c\xdc\xee\xd7\x0c\xea\x94\xf4\x40\x02\x25\x47\x75\x08\xf1\xfc\x78\x9f\xb9\x4c\xfc\xef\x7c\x23\x11\xfc\xfe\xe1\xe1\x52\xf1\x7f\x81\x7d\x51\xfc\x5f\x60\x5c\x14\xff\x17\x18\x17\xc5\x7f\xd1\xd8\x52\xfb\xef\xb9\x3c\xa0\x28\x53\xb3\xf6\xfa\xff\x7a\xa0\xfc\x0e\x70\x3d\x4a\x7e\x0f\xb8\x1e\x25\xbf\x0b\x54\xa2\x50\xea\x92\x94\xe0\x9a\x04\x03\x5f\x22\x65\xba\xa9\x94\x44\x11\x26\xd5\x61\xca\x27\x83\x6a\xf5\xa7\x0e\xc9\x99\x91\x3b\x70\xbe\x95\xf1\xf2\xb4\x3b\xfa\xc4\x83\x67\x98\xb8\xa5\xe4\xe5\xf8\xee\x9e\x81\x4c\x29\xaa\xc0\xcc\x88\xb4\x04\x25\xba\x2a\x10\x0d\xa3\x96\x70\xc4\x5b\x05\x9c\xa1\xd6\x12\x8e\x08\xac\x80\x33\x1c\x1f\xc0\x99\xfb\xc0\x7d\x03\x53\xa0\x34\x93\x1a\x48\xda\x9b\xff\xcc\x1d\x46\x42\xac\x02\x96\xef\x75\x89\x4e\xf4\x99\xf2\x59\x80\xa9\x98\x7c\xa3\x80\xcf\x8f\x1b\xa5\x4a\x6f\x4c\x02\x8b\xad\x6d\x30\x80\xfe\xc4\x9d\x79\xd3\xde\xc8\xf5\x2a\x92\x64\xfe\x13\x86\x93\xa9\x33\xfa\xe8\xc2\x9f\xce\xf7\x7c\x58\x30\x75\x86\xce\xd4\x71\xfb\xce\xec\xa0\xa5\xde\xd0\x7f\x13\x17\xd2\xee\xd2\xef\xcd\xfa\xbd\x81\x63\xb3\x06\x9e\xf1\xab\x98\x69\xbf\xc0\xb1\x64\xb1\x3c\xe3\xd5\x51\xaa\xfe\x02\x97\x92\x3d\xf5\x8c\x4b\x47\xe9\xfe\x0b\x5c\x4a\xd6\xde\x33\x2e\x1d\x95\x4c\x73\x2e\xd5\x2a\x9d\x44\xd3\x00\x53\x2a\xf6\x39\xd3\x18\xc0\x96\xeb\xd0\x5c\x07\x36\x5d\x4d\x7b\x21\x54\x08\x3e\xbf\x41\x16\xa2\x3f\x2f\xbf\x6e\x76\xf2\xeb\xdf\x2b\xb7\xd7\xe5\xb9\x5d\x3d\xbe\x2e\x9f\xed\x0a\xf6\x75\xf9\x6c\x57\xd1\xff\x89\xcf\xad\xfc\x97\xb6\x41\xbc\x15\xe6\x97\x81\x8c\x57\xea\x68\x22\xe6\x3a\x41\x65\x0d\x9b\xcb\xb9\x7c\x04\x55\x33\xd1\xa2\xbc\xce\x63\x96\xcd\xb3\xaa\xcc\x3f\x8f\x58\x98\x45\x55\x49\x79\x1e\xae\x30\x47\xaa\xf2\xe5\x3c\x5c\x61\x06\x74\x8f\x89\xcb\x68\xff\x7f\x6e\x6d\x6c\x9c\xc3\x83\x9c\x6d\x8c\x44\x5b\x54\x5b\x16\x6d\xf1\x6c\x69\xb4\xc5\xb3\xe5\xf1\x08\xef\x90\xc8\xb2\xa5\xc4\x60\xd6\x5b\x49\xba\x27\x41\x2e\x5a\x42\x4e\xc3\x58\xae\x1d\xa7\x01\x2c\x17\x8d\xd3\x00\x96\xab\x45\xf7\xf8\xeb\xeb\x96\xa9\xec\x96\xf7\xf8\x9b\x12\xdc\x90\xa8\x89\xd7\x3a\xfb\x62\x74\x0b\x6d\x88\x90\xf6\x49\x89\x1b\x94\xda\x88\xa4\x1a\xdf\xf1\xae\x5c\xe6\x6b\x20\x55\x7c\xd1\xbb\x66\x9d\xaf\x01\x53\xf1\x6d\xef\x78\xa1\xbf\xf8\xd2\xc4\x73\xbe\x79\xb5\x2e\x4b\x6c\x01\xca\x2f\x49\x6c\xad\xcb\x2f\x47\x6c\xad\xcb\x2f\x45\x0e\xad\xff\x09\x00\x00\xff\xff\xbc\x56\xe7\xaa\x62\x23\x00\x00") func migrationsSqlMysql8SqlBytes() ([]byte, error) { return bindataRead( @@ -263,7 +263,7 @@ func migrationsSqlMysql8Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/mysql/8.sql", size: 7029, mode: os.FileMode(438), modTime: time.Unix(1542578059, 0)} + info := bindataFileInfo{name: "migrations/sql/mysql/8.sql", size: 9058, mode: os.FileMode(438), modTime: time.Unix(1542626922, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -328,7 +328,7 @@ func migrationsSqlPostgres6Sql() (*asset, error) { return a, nil } -var _migrationsSqlPostgres7Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x93\xb1\x4e\x86\x30\x14\x46\x77\x9f\xe2\x6e\x0c\x86\xc5\xd5\xa9\xda\x3a\x55\x30\xa4\x4d\xdc\x48\xd3\x5e\x81\x18\x29\xb6\x10\xe3\xdb\x9b\x30\x10\x22\xfc\xa1\x94\x3e\xc0\x3d\xe7\xa4\xf9\x9a\xe7\x70\xff\xd5\x35\x4e\x8d\x08\x72\xb8\x23\x5c\xb0\x0a\x04\x79\xe2\x0c\xda\x5f\xe3\x54\x6d\xd5\x34\xb6\x0f\xb5\xd2\x1a\xbd\x07\x42\x29\x38\xfc\x9e\xd0\x8f\x68\x6a\x35\x99\x0e\x7b\x8d\x20\xd8\xbb\x80\x42\x72\x0e\x94\xbd\x10\xc9\x05\x64\xd9\x63\x10\xac\x71\xaa\x0f\x40\xdd\x66\x39\xfc\x70\xe8\xdb\x44\x65\x6b\xda\xe5\x34\x6d\x0d\x26\xea\x5a\x50\x97\xa3\x6c\x67\x74\xa2\xa8\x05\x75\x39\x6a\xf8\xd4\xa9\x5e\x6a\x41\x85\x46\xad\x7f\x00\xb5\x3f\xfd\xe1\x6c\x69\x55\xbe\xc1\x73\xc9\xe5\x6b\xb1\xd3\x7b\x3c\xfb\xf5\xfd\xff\xc8\x90\xa5\x47\xfb\xf7\x00\x67\x02\xe6\x11\x46\xdb\x37\xd7\x67\xd4\xf3\xd4\xa2\xd5\x9b\xeb\x33\xea\x79\x50\xd1\xea\xcd\xf5\x8e\xfa\x2f\x00\x00\xff\xff\x9b\xb9\x9f\x6f\x84\x05\x00\x00") +var _migrationsSqlPostgres7Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x93\xb1\x4e\x85\x30\x14\x86\x77\x9f\xe2\x6c\x77\x30\x77\x71\x75\xaa\xb6\x4e\x15\x0c\x69\x13\x37\xd2\xb4\x47\x20\x46\x8a\x2d\xc4\xf8\xf6\x26\x0c\x84\x58\x6e\x28\xa5\x0f\x70\xbe\xef\x4b\xf3\xf7\x7a\x85\xfb\xaf\xae\x71\x6a\x44\x90\xc3\x1d\xe1\x82\x55\x20\xc8\x13\x67\xd0\xfe\x1a\xa7\x6a\xab\xa6\xb1\x7d\xa8\x95\xd6\xe8\x3d\x10\x4a\xc1\xe1\xf7\x84\x7e\x44\x53\xab\xc9\x74\xd8\x6b\x04\xc1\xde\x05\x14\x92\x73\xa0\xec\x85\x48\x2e\xe0\x72\x79\x8c\x82\x35\x4e\xf5\x11\xa8\xdb\x2c\x87\x1f\x0e\x7d\x9b\xa9\x6c\x4d\x3b\x9d\xa6\xad\xc1\x4c\x5d\x0b\xea\x74\x94\xed\x8c\xce\x14\xb5\xa0\x4e\x47\x0d\x9f\x3a\xd7\x4b\x2d\xa8\xd8\xa8\xf5\x0f\xa0\xf6\xa7\xdf\x9d\x2d\xad\xca\x37\x78\x2e\xb9\x7c\x2d\x36\x7a\xf7\x67\xbf\xbe\xff\x1f\x19\xb3\xf4\x64\xff\x16\xe0\x48\xc0\x3c\xc2\x64\x7b\x70\x7d\x44\x3d\x4f\x2d\x59\x1d\x5c\x1f\x51\xcf\x83\x4a\x56\x07\xd7\xa1\xfa\x2f\x00\x00\xff\xff\xfa\x0a\xa4\x20\x83\x05\x00\x00") func migrationsSqlPostgres7SqlBytes() ([]byte, error) { return bindataRead( @@ -343,12 +343,12 @@ func migrationsSqlPostgres7Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/postgres/7.sql", size: 1412, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/postgres/7.sql", size: 1411, mode: os.FileMode(438), modTime: time.Unix(1542626922, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _migrationsSqlPostgres8Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x98\x51\x53\xe2\x3a\x1c\xc5\xdf\xf9\x14\xff\x37\x71\xee\xe0\x78\x19\x79\x72\xbc\x33\x5c\x1a\x94\xb9\xd8\x3a\x25\xce\xd5\x27\x26\xdb\xfe\xb5\x1d\x4b\xeb\x36\x51\xdc\xfd\xf4\x3b\x29\x05\x0a\xc5\x26\x29\x85\xf5\x61\xdf\x14\x9a\x5f\x0f\x39\xe7\x24\x4d\x3b\x1d\xf8\x6b\x16\x3e\xa7\x4c\x20\xdc\xbf\xb6\x2c\x32\x26\x94\xc0\xd0\x75\x6e\x21\xf8\xe1\xa7\x6c\x9a\xb0\x37\x11\x74\xa7\xcc\xf3\x90\x73\xf8\xff\x86\xb8\x04\x6c\x87\x02\x79\x18\x4d\xe8\x04\xda\x13\x32\x26\x03\x0a\x7f\x17\xc7\x78\x51\x88\xb1\xc8\x2f\xde\x81\x39\x5b\x5c\x30\x0d\x7d\xb8\xda\x18\x72\x16\xfa\xa7\x97\x9f\x8b\x48\xf1\x29\x45\x1e\xec\xad\x22\xe7\xd4\x95\xe1\x25\x3e\xee\xad\x41\x42\xea\x0a\x48\x42\xdf\xdb\x5b\x80\x84\xd4\x15\xf0\xfa\xe2\xed\x3f\x03\x12\xa2\x10\xd0\x50\x1e\x57\x53\x1e\x73\x79\xb3\x14\xbf\xbf\x21\x17\xd3\x80\xc5\x7e\x84\x7e\x45\x4e\x97\x57\x16\xe4\x55\xb3\xce\xbc\x80\x45\x11\xc6\xcf\xd8\x5c\x8e\xcd\xd5\x2f\xf3\x7d\x20\xf9\x06\xf9\x37\xd7\x9e\xf5\xe2\x40\xc2\x0d\x7a\x63\x2e\x3c\xeb\xd3\x81\x84\x1b\xf4\xcd\x5c\x78\xd6\xc3\xfd\x84\xb7\x3a\x1d\x98\x23\xb0\x88\x27\x30\x67\xb1\x00\x91\x40\x8a\xb3\xe4\x5d\x7e\x16\x81\x97\x44\x6f\xb3\x98\x83\x08\x98\x80\x80\xbd\x23\xcc\x92\x14\xe5\xbf\x31\x5c\x9c\x83\x17\xb0\x14\x24\x4a\x04\x1c\x18\x87\x39\x9e\xa4\x08\x29\xf2\xf0\x67\x18\x3f\x43\x18\x83\x08\x10\x62\xfc\x10\xc0\x05\xea\x6e\x52\x63\x62\x5f\xd3\x9b\xf6\xfa\x87\x9d\xc2\x3f\xf2\x6e\x8e\x0b\x1b\x3f\xf6\xe4\x44\xbb\xa9\x8d\x20\x0b\xed\x69\x84\x57\x08\x75\x23\xbc\x42\xd6\x4c\x78\x32\x02\x85\x0f\x43\x0e\x4c\x5e\xfa\xce\xd2\xcc\xde\xdc\xc4\x6c\x3e\x53\x8c\x3d\xf4\x41\xb0\x6f\x11\xb6\xfa\x63\x4a\x5c\xa0\xfd\x7f\xc7\x3b\x97\x60\x58\x7c\x3f\x70\xc6\xf7\xb7\x76\xf1\x06\xf4\xf1\x8e\x2c\xe9\xed\x8b\xf3\xd3\xcb\xcf\x49\x4b\x13\x1b\x40\x65\xe6\x35\xc0\xc9\x4c\x6b\x80\x93\x99\xa5\xcf\x31\xee\x29\x83\x7c\xff\x0e\x7d\x98\x87\x22\x58\x16\x17\x63\xe8\xf6\x7a\x59\x73\xb9\x59\x1f\x57\x1b\xbe\xcc\x52\xb7\xd7\x33\x2d\x9f\xc1\xf8\x72\xd3\x0c\x06\x97\x6b\x65\x30\xb8\xdc\xa1\xf2\x60\xb3\xe4\xaf\x9f\x93\x36\x5c\xed\xf6\x7a\xc6\xc9\xaf\x87\x2a\x27\xbf\x1e\xa7\x9c\xfc\x7a\x9c\x72\xf2\x2b\x39\x7f\x66\xfb\xa8\xb3\x3d\x70\x49\x9f\x12\x18\xd9\x16\x79\xd8\x35\xdd\xd3\xd5\xf0\x69\xe8\x7f\x80\x63\xef\xf4\xa4\xd0\x9a\xcb\x0a\x64\x3e\xef\x0a\xe6\xd2\x1d\x4d\xa8\x74\x40\x41\xcc\x4c\xd2\xc4\x49\x23\x14\xb8\xcc\x2b\x4d\x9c\xf4\x43\x81\xcb\x2c\xdb\xc0\xb5\x26\x84\x02\x47\xce\xc3\x24\x9e\xa6\xf8\x1a\x85\x1e\x13\xd9\xdf\x49\x84\x70\x05\xf9\x47\x3a\x65\xb1\x2c\x18\x38\xf6\x84\xba\xfd\x91\x4d\x15\x06\x3f\xbd\xc0\xd0\x71\xc9\xe8\xda\x86\xff\xc8\x63\x51\x12\xb8\x64\x48\x5c\x62\x0f\xc8\x64\xe3\xf0\xd7\x96\xdf\x39\x36\xe4\xeb\xeb\xa0\x3f\x19\xf4\x2d\xa2\xd3\xbc\x0a\x5d\xe5\x94\x1c\x41\xd8\xa2\xc7\x15\xaa\xb6\x62\x76\x04\x49\x8b\x25\xa1\x42\xd2\x56\x54\x8f\x20\x69\xb1\xba\x54\x48\xda\x8a\x7b\x73\x92\x9a\x48\xfa\xfa\x89\xab\x24\xac\xf8\xe4\x5c\x52\x56\x7d\xbe\x6a\xaf\xcf\x57\x07\xab\xc2\xd7\x52\xae\xd7\x95\xaf\xa5\x59\xaf\x4c\x5f\x4b\xb3\x5e\xdb\x7e\x8b\x66\xd5\x0e\x65\x91\x61\xff\x7e\x4c\x17\x07\x99\xd5\x7b\x6b\x2b\x99\xc7\xca\x22\x5b\xae\x73\x67\xb2\x67\x69\x54\xac\x12\xb9\x6b\xbb\x51\x85\xbf\x12\x58\xda\x29\x54\xb1\xac\xa4\x95\x16\x79\x55\x60\x2a\x69\xa5\xf5\x59\x63\x65\xd5\x31\x64\x23\x84\x4d\x39\xa2\x0b\xd5\xb4\x44\x17\xa7\xe9\x89\x2e\x4e\xd3\x94\x2d\x5c\x33\xaf\x5b\xea\x9c\x83\x6a\xb2\xf4\x5f\xb8\x18\x9f\x84\x6a\x82\xf4\x5f\xb9\x34\x70\xf2\xa4\xe4\x81\xee\x79\xe2\x54\x20\x94\x27\x4d\xc5\x78\xe5\x09\x53\x31\x5e\x79\xb2\x5c\x8c\xff\x15\x00\x00\xff\xff\x02\xf7\x69\x7e\xa8\x1c\x00\x00") +var _migrationsSqlPostgres8Sql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x99\x6f\x73\xda\xb8\x13\xc7\x9f\xf3\x2a\xf6\x59\x92\xf9\x35\xfc\xd2\x5c\xf2\x88\xc9\xcd\x70\xe0\xb4\x99\xa3\xd0\x01\x67\xda\x3e\x62\x54\x7b\xc1\x9a\x1a\x99\x93\x44\x48\xee\xd5\xdf\xac\xcc\x1f\x83\x8d\x25\x1b\x5f\xaf\x4f\x41\xfa\x78\xa5\xef\xee\x6a\x57\xba\xbe\x86\xff\x2d\xf8\x5c\x32\x8d\xf0\xbc\x6c\xb5\xae\xaf\xe1\x91\x4b\xa5\x61\x8d\x20\x10\x43\xd0\x09\x84\x18\xa3\x46\x60\x71\x0c\x32\x59\x2b\xd0\x11\xd3\xb0\x4c\xb8\xd0\xf4\x2f\x03\x91\x88\x6b\x7c\xe5\x4a\x73\x31\x87\x84\xad\x74\x74\x0b\x41\xcc\x51\xe8\x76\xab\xef\x0d\x3c\xdf\x83\xc7\xf1\xe8\x13\x44\x6f\xa1\x64\xd3\x74\xc0\x94\x05\x01\x2a\x05\x5f\x3e\x7a\x63\x0f\x86\x23\x1f\xbc\xaf\x4f\x13\x7f\x02\x97\x13\x6f\xe0\xf5\x7c\x78\x9f\x9d\x93\xd2\x36\x83\x0b\x30\xed\x74\xc0\x94\x87\xf0\x70\x30\xa5\xcd\xc3\xab\xce\x69\x23\x24\xce\x24\xaa\xe8\x6c\x2b\x36\x9c\xba\x66\x04\x49\x88\x67\xdb\x40\x90\xba\x06\x24\x3c\x0c\xce\x36\x80\x20\x75\x0d\x58\xfe\x08\xce\xdf\x01\x82\x58\x0c\x30\x0e\x2e\xf1\xaf\x15\x2a\x33\x86\x2b\x60\x70\x77\x03\x2f\x4c\x06\x11\x93\xc0\x05\xe8\x08\x41\xe2\x0c\x25\x8a\x80\xfc\x9f\x7d\x8f\x11\xd6\x11\x0f\x22\x1a\xbd\x8e\xde\x28\x34\x98\xa4\x41\x8a\xff\xcd\xc5\x9c\x90\xef\xdb\xf0\x05\x61\xb1\x52\x1a\x24\x2e\x92\x17\xcc\x7c\x44\x41\x9c\x88\x39\x4a\x8a\x1b\x41\x1f\xa3\x2f\xa9\x36\xf8\x11\x57\xa0\xa2\x64\x15\x87\x20\xf0\x05\x25\x44\x6c\xb9\x44\x01\x4c\xc1\x1a\x2f\x5e\x70\xf3\x2b\x57\x6a\x45\x86\x44\xb8\x38\x20\xe9\x88\x2b\xc7\xf8\x1a\x78\xc3\x0f\xfe\xc7\xcb\xbd\x4d\x57\xf0\x3b\xdc\xdd\x38\x47\x46\xf5\xf9\x19\x97\xae\x3e\x39\xe3\x8e\xd5\x27\x67\x5c\xe9\xe4\x64\x92\xec\xb6\x0d\x43\x7c\xa5\x44\x77\x21\x11\x58\xa0\x57\x2c\x8e\xdf\xf6\xaa\x76\x07\xbe\x37\x06\xbf\xfb\xc7\xa0\x30\xe5\x40\xfa\x7f\x6f\x34\x78\xfe\x34\xcc\xba\x94\xff\xed\xb3\xb7\xf5\xa7\xcb\xbb\x9b\xab\xce\x69\xd2\x76\x93\x1b\x40\x99\xfd\x6e\x80\x63\xb6\xbe\x01\x8e\x51\xc1\x9d\x43\x82\xfc\xb6\x8f\x21\x16\xab\x04\x42\x99\x2c\x4d\x34\x52\x46\x18\x3e\x0f\x06\xc0\x44\x08\x21\xce\xd8\x2a\xd6\xf0\xc2\xe2\x15\x2a\x8a\x95\x0c\x38\x60\x02\xbe\x23\x28\x34\x27\x13\xcd\x79\x07\xb3\x44\x02\xbe\xb2\xc5\x32\x46\xe0\x82\x3e\x04\x70\x78\x4a\x41\x20\x31\x44\xa1\x39\x8b\x15\xcc\x25\xa3\x73\xab\xae\xfa\xfd\xf1\xe8\xf3\xce\xe0\x33\xa4\x77\xe5\x94\xea\xee\x0a\x29\x15\xdd\x15\x52\xaa\xb8\x2b\xc4\x65\x77\xfb\xde\x63\xf7\x79\xe0\x9f\xbb\xb9\x76\x8c\x7d\x6f\xed\x0c\xfb\xd6\xda\x19\xf6\x9d\xdd\x31\xc8\xbd\xef\xda\xd0\x15\x21\xc4\x4c\xe9\xf8\xed\x1d\x9d\x56\x26\xa6\x28\x28\xf8\x2e\x2e\x60\x1d\xa1\xc4\xcd\x61\x77\x70\x1c\x0a\xc0\xc5\x52\xbf\x81\xd2\x92\xd2\xe0\xf3\xe7\x7e\xd7\x2f\x56\x69\xe2\xf9\xd9\xc9\x0f\x29\xf8\x64\xea\x7d\x80\x9b\x4e\x21\x6e\x2b\x57\x53\x3c\xa3\x5b\x53\x30\x23\x60\x53\x30\xa3\x64\x1d\x18\xe9\x7a\xdf\x86\x61\xb2\x26\x3d\x29\xcd\x65\x8b\xf2\xdd\xe8\x8b\x4d\x71\x4e\xe5\x09\xe9\xfd\x7d\xa5\x21\x4c\x40\x24\xd9\x7a\x5d\xc0\xae\x58\x0f\x22\x16\xc7\x28\xe6\x68\x52\xaf\xc9\xba\xc6\x57\xb8\x08\xe2\x55\x88\x9b\x64\x99\x2d\x65\xd2\x42\x68\xcb\xdf\x38\x53\x8d\x2a\xbf\x05\x50\x54\xdc\xed\x14\x14\x8a\xaa\xb8\xed\x97\x23\x26\xc2\x18\xc3\x92\x06\xe0\x60\x43\x5d\x58\xed\xdd\xda\x61\x34\xb6\x23\xcd\x32\xeb\xb5\x12\x8d\x2d\x75\xdb\x65\x34\xb9\xd6\x42\xa6\x75\xb1\x27\x1a\x96\xc6\x56\x6a\x7a\x99\x26\x97\x99\x07\x5a\xd7\x78\xa2\x27\x6a\x6c\x8d\xa6\x5d\x6a\x72\x8d\x79\xa0\x75\x8d\x27\xda\xae\xc6\xd6\x68\x3a\xb2\x26\xd7\x98\x07\x6e\xd7\x48\xb9\xea\x49\xc0\x52\xe2\x92\x49\xa6\x79\x22\x4c\xe5\x17\x48\x64\x26\xd5\xd1\x49\xb7\xef\x0d\xb9\x08\xf1\xd5\xd4\x93\xb3\x44\x22\x9f\x0b\xf8\x81\x85\x67\xe5\xb6\x4a\xbd\xbd\xbf\xbf\xda\x77\x81\x94\x29\xe9\x83\x04\x25\x43\x75\x04\xc9\xec\xb8\xdd\xac\xd6\x9b\xed\x6c\xa3\x1e\xe5\xf6\xfe\xbe\x6a\x6f\x56\x61\x7e\xbe\x37\xab\x30\x39\xdf\x9b\x55\x98\x9c\xef\xcd\xf2\x93\x2b\xd5\x86\x7b\x45\x0f\x7a\x0a\x52\xab\x6a\x7d\x58\x0f\x95\xaf\x11\xeb\x71\xf2\x75\x62\x3d\x4e\xbe\x56\x2c\xe5\x90\x13\x53\x51\xc1\x35\x95\x0e\x7c\x81\xe4\xf3\x26\x66\xd2\xda\x30\x8d\x13\x13\x48\x5b\x4c\xab\x37\xf6\xa8\xb0\x79\x1a\xf6\xbd\xaf\x45\x0a\x4d\x77\x43\xa7\x3c\x7c\x85\xd1\xb0\x50\xc6\x8c\xf2\x9d\x12\xe4\x46\x2a\x0b\x73\x2b\xa8\x23\x94\x44\xb3\x10\x8d\xae\x8e\x38\xd2\xce\x82\x33\xf2\x3a\xe2\x48\x42\x0b\xce\xa8\x7c\x80\x33\x17\xb7\xfb\x54\xa6\x40\x69\x26\x35\x50\x91\xdf\x6a\x51\xc5\xa9\x50\x29\x9e\x88\xa9\xc4\x65\xcc\x03\x93\x20\xa7\x32\x89\x11\x1e\x60\xf3\x53\x0a\x31\xb7\x52\xa9\x07\x28\x60\xd9\xf4\x98\x96\x96\x01\x53\x01\x0b\x71\x53\x7f\x5e\x28\xe0\xb3\xe3\xdc\xaa\x36\x77\x60\xa1\x43\x1b\xdd\xef\x43\x6f\x34\x9c\xf8\xe3\xee\xd3\xd0\xb7\x78\xd3\xec\x07\x3c\x8e\xc6\xde\xd3\x87\x21\xfc\xe9\x7d\xcb\xae\x1f\xc6\xde\xa3\x37\xf6\x86\x3d\x6f\x72\x90\x85\x2f\xe9\xbf\xd1\x10\x36\x09\xa9\xd7\x9d\xf4\xba\x7d\xcf\x25\x33\x94\xd8\x95\x77\xc9\x9f\x60\x58\x9a\x67\x4a\xac\x3a\xf2\xe9\x9f\x60\x52\x9a\xb2\x4a\x4c\x3a\x8a\x8b\x9f\x60\x52\x9a\xfd\x4a\x4c\x3a\x8a\xad\xe6\x4c\x3a\x2b\x74\xd2\x32\x08\x98\x52\x49\xc0\x99\xc6\x10\xd6\x5c\x47\xe6\x82\xb7\xe9\x68\xda\xd7\x4e\xb9\xc5\x67\x9b\xce\xdc\xea\xcb\x2b\xb6\xcb\x5d\xc5\xf6\xef\x85\xdb\xaf\x65\xb9\x5b\x3c\xfe\x5a\x36\xbb\x05\xec\xaf\x65\xb3\x5b\x44\xff\x27\x36\xdb\x8e\xd5\x83\x4b\xb9\xdd\x23\x6b\x3f\x59\x0b\xf3\x4b\x5f\x26\x4b\x75\x74\x74\x66\x52\x86\x35\xd8\xcd\xc5\x5f\x85\xb3\xd3\x21\x0c\x4b\x91\x45\xc7\x9e\x2d\x40\x4a\x81\xb9\x13\xcb\xe6\xba\xa5\xb4\xdc\x61\x63\x73\xaa\x52\x5a\xee\x9c\xe8\x1c\x6b\xb6\x75\x8d\xff\x67\xba\xd1\xa6\xe5\x3b\x70\xeb\xa6\xf4\x73\x85\x3a\x0a\xe8\x8a\x73\x54\xd0\x15\xe7\x28\xe1\x11\xee\x50\xc3\xa2\xe6\xc6\x20\x1d\x5b\x9b\xce\xc9\xd1\x85\x5d\xcb\xe9\xe1\xf9\x7e\xe4\xf4\xd8\x7c\xb3\x71\x7a\x6c\xbe\x93\xe8\x1c\x3f\x80\xaf\x99\xda\xde\xe4\x66\x1e\xe4\xd2\x2b\xe9\x4b\xaa\x42\x92\x95\xde\xbe\xb9\x5d\xc1\x35\xc4\x48\x9d\xa2\xc4\x17\x94\xda\x54\x35\xcd\xbc\x93\xd6\x69\xd8\x6b\xb2\xdc\x5f\x4a\x2b\xb7\xec\x35\x41\xee\x6f\xa5\x9b\xa6\xbd\xee\x96\xd3\x81\xd5\xc0\xdb\xa4\x23\xa6\x74\xa3\x1d\x19\xa5\x7b\xec\xc8\x28\xdd\xde\x43\x06\x05\xc7\xfe\x34\x2e\x88\x0d\x12\xe0\x5d\x3e\x08\x2a\xbe\x17\x1f\x5d\xc9\xf8\xde\xd7\xca\xaf\x99\xd5\x10\xd6\x5b\x2a\xcb\x7c\xeb\xed\x94\x65\xbe\xf5\x56\x2a\x9d\xff\x4f\x00\x00\x00\xff\xff\xc0\x3c\x8d\x3a\x8d\x26\x00\x00") func migrationsSqlPostgres8SqlBytes() ([]byte, error) { return bindataRead( @@ -363,7 +363,7 @@ func migrationsSqlPostgres8Sql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/postgres/8.sql", size: 7336, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/postgres/8.sql", size: 9869, mode: os.FileMode(438), modTime: time.Unix(1542626922, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -403,7 +403,7 @@ func migrationsSqlTests1_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/1_test.sql", size: 3020, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/1_test.sql", size: 3020, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -423,7 +423,7 @@ func migrationsSqlTests2_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/2_test.sql", size: 3108, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/2_test.sql", size: 3108, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -443,7 +443,7 @@ func migrationsSqlTests3_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/3_test.sql", size: 3349, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/3_test.sql", size: 3349, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -463,7 +463,7 @@ func migrationsSqlTests4_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/4_test.sql", size: 3419, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/4_test.sql", size: 3419, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -483,7 +483,7 @@ func migrationsSqlTests5_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/5_test.sql", size: 3419, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/5_test.sql", size: 3419, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -503,7 +503,7 @@ func migrationsSqlTests6_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/6_test.sql", size: 3419, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/6_test.sql", size: 3419, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -523,7 +523,7 @@ func migrationsSqlTests7_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/7_test.sql", size: 10010, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/7_test.sql", size: 10010, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -543,7 +543,7 @@ func migrationsSqlTests8_testSql() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "migrations/sql/tests/8_test.sql", size: 3789, mode: os.FileMode(438), modTime: time.Unix(1542578027, 0)} + info := bindataFileInfo{name: "migrations/sql/tests/8_test.sql", size: 3789, mode: os.FileMode(438), modTime: time.Unix(1542622082, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/scripts/test-e2e-jwt.sh b/scripts/test-e2e-jwt.sh index d4f7e738692..b1b851b0913 100755 --- a/scripts/test-e2e-jwt.sh +++ b/scripts/test-e2e-jwt.sh @@ -23,8 +23,7 @@ go install ./test/mock-client go install ./test/mock-lcp go install ./test/mock-cb -DATABASE_URL=memory \ - OAUTH2_CONSENT_URL=http://127.0.0.1:3000/consent \ +OAUTH2_CONSENT_URL=http://127.0.0.1:3000/consent \ OAUTH2_LOGIN_URL=http://127.0.0.1:3000/login \ OAUTH2_ERROR_URL=http://127.0.0.1:3000/error \ OAUTH2_SHARE_ERROR_DEBUG=true \ diff --git a/scripts/test-e2e-opaque.sh b/scripts/test-e2e-opaque.sh index 74aecdd6fc6..a63e73d181d 100755 --- a/scripts/test-e2e-opaque.sh +++ b/scripts/test-e2e-opaque.sh @@ -22,8 +22,7 @@ go install ./test/mock-client go install ./test/mock-lcp go install ./test/mock-cb -DATABASE_URL=memory \ - OAUTH2_CONSENT_URL=http://127.0.0.1:3000/consent \ +OAUTH2_CONSENT_URL=http://127.0.0.1:3000/consent \ OAUTH2_LOGIN_URL=http://127.0.0.1:3000/login \ OAUTH2_ERROR_URL=http://127.0.0.1:3000/error \ OAUTH2_SHARE_ERROR_DEBUG=true \