diff --git a/docs/configuration/storage/migrations.md b/docs/configuration/storage/migrations.md
index 30c142e3..a66c6e30 100644
--- a/docs/configuration/storage/migrations.md
+++ b/docs/configuration/storage/migrations.md
@@ -23,3 +23,4 @@ this instance if you wanted to downgrade to pre1 you would need to use an Authel
 | pre1 | 4.0.0 | Downgrading to this version requires you use the --pre1 flag |
 | 1 | 4.33.0 | Initial migration managed version |
 | 2 | 4.34.0 | Webauthn - added webauthn_devices table, altered totp_config to include device created/used dates |
+| 3 | 4.34.2 | Webauthn - fix V2 migration kid column length and provide migration path for anyone on V2 |
diff --git a/internal/storage/const.go b/internal/storage/const.go
index 5b439e48..affa0bca 100644
--- a/internal/storage/const.go
+++ b/internal/storage/const.go
@@ -56,7 +56,7 @@ const (
 const (
 // This is the latest schema version for the purpose of tests.
- testLatestVersion = 2
+ testLatestVersion = 3
 )
 
 const (
diff --git a/internal/storage/migrations/V0002.Webauthn.mysql.up.sql b/internal/storage/migrations/V0002.Webauthn.mysql.up.sql
index 13a273e3..9b617e25 100644
--- a/internal/storage/migrations/V0002.Webauthn.mysql.up.sql
+++ b/internal/storage/migrations/V0002.Webauthn.mysql.up.sql
@@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
 rpid TEXT,
 username VARCHAR(100) NOT NULL,
 description VARCHAR(30) NOT NULL DEFAULT 'Primary',
- kid VARCHAR(100) NOT NULL,
+ kid VARCHAR(512) NOT NULL,
 public_key BLOB NOT NULL,
 attestation_type VARCHAR(32),
 transport VARCHAR(20) DEFAULT '',
diff --git a/internal/storage/migrations/V0002.Webauthn.postgres.up.sql b/internal/storage/migrations/V0002.Webauthn.postgres.up.sql
index 371f7a82..a0276784 100644
--- a/internal/storage/migrations/V0002.Webauthn.postgres.up.sql
+++ b/internal/storage/migrations/V0002.Webauthn.postgres.up.sql
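Review bot: VARCHAR(512) on the `kid` line is not obviously derived from the WebAuthn spec, which permits credential IDs of up to 1023 raw bytes; how the credential ID is encoded before it reaches this column is not visible from the hunk, but a base64 form of a maximal ID is about 1364 characters and would still be rejected by a NOT NULL VARCHAR(512) column (`Data too long` under strict SQL mode, silent truncation and a later `UNIQUE KEY (kid)` collision otherwise). Confirm the stored encoding and either size the column from it or record the reasoning next to the column, e.g. `-- kid holds the encoded WebAuthn credential ID; the spec allows up to 1023 raw bytes`. Editing the released V0002 file only affects fresh installs, so databases already at V2 depend entirely on V0003 producing the same definition and the two files must be kept in lockstep.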
@@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
 rpid TEXT,
 username VARCHAR(100) NOT NULL,
 description VARCHAR(30) NOT NULL DEFAULT 'Primary',
- kid VARCHAR(100) NOT NULL,
+ kid VARCHAR(512) NOT NULL,
 public_key BYTEA NOT NULL,
 attestation_type VARCHAR(32),
 transport VARCHAR(20) DEFAULT '',
diff --git a/internal/storage/migrations/V0002.Webauthn.sqlite.up.sql b/internal/storage/migrations/V0002.Webauthn.sqlite.up.sql
index 0ebace9b..d18f6d74 100644
--- a/internal/storage/migrations/V0002.Webauthn.sqlite.up.sql
+++ b/internal/storage/migrations/V0002.Webauthn.sqlite.up.sql
@@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
 rpid TEXT,
 username VARCHAR(100) NOT NULL,
 description VARCHAR(30) NOT NULL DEFAULT 'Primary',
- kid VARCHAR(100) NOT NULL,
+ kid VARCHAR(512) NOT NULL,
 public_key BLOB NOT NULL,
 attestation_type VARCHAR(32),
 transport VARCHAR(20) DEFAULT '',
diff --git a/internal/storage/migrations/V0003.WebauthnKIDLength.all.down.sql b/internal/storage/migrations/V0003.WebauthnKIDLength.all.down.sql
new file mode 100644
index 00000000..888472bf
--- /dev/null
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.all.down.sql
@@ -0,0 +1 @@
+DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
diff --git a/internal/storage/migrations/V0003.WebauthnKIDLength.mysql.up.sql b/internal/storage/migrations/V0003.WebauthnKIDLength.mysql.up.sql
new file mode 100644
index 00000000..79fede7c
--- /dev/null
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.mysql.up.sql
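Review bot: The V3 down migration does not touch the schema at all — its single `DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;` removes a table the up migration already drops on success, so on a normal V3→V2 downgrade it is a no-op, and nothing in the file says that this is intentional. A header comment would prevent someone "fixing" it later, e.g. `-- Schema intentionally left as-is: VARCHAR(512) for kid is backward compatible with V2. This only removes the backup table an interrupted V3 up migration may leave behind.` Whether a downgrade that finds the backup table present should rename it back rather than drop it deserves a deliberate decision: on MySQL, where DDL is not transactional, an up migration that fails between the RENAME and the INSERT leaves that backup as the only copy of every registered WebAuthn device, and this down migration would discard it.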
@@ -0,0 +1,26 @@
+ALTER TABLE webauthn_devices RENAME _bkp_UP_V0003_webauthn_devices;
+
+CREATE TABLE IF NOT EXISTS webauthn_devices (
+ id INTEGER AUTO_INCREMENT,
+ created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ last_used_at TIMESTAMP NULL DEFAULT NULL,
+ rpid TEXT,
+ username VARCHAR(100) NOT NULL,
+ description VARCHAR(30) NOT NULL DEFAULT 'Primary',
+ kid VARCHAR(512) NOT NULL,
+ public_key BLOB NOT NULL,
+ attestation_type VARCHAR(32),
+ transport VARCHAR(20) DEFAULT '',
+ aaguid CHAR(36) NOT NULL,
+ sign_count INTEGER DEFAULT 0,
+ clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
+ PRIMARY KEY (id),
+ UNIQUE KEY (username, description),
+ UNIQUE KEY (kid)
+);
+
+INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
+SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
+FROM _bkp_UP_V0003_webauthn_devices;
+
+DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
diff --git a/internal/storage/migrations/V0003.WebauthnKIDLength.postgres.up.sql b/internal/storage/migrations/V0003.WebauthnKIDLength.postgres.up.sql
new file mode 100644
index 00000000..2aeeb828
--- /dev/null
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.postgres.up.sql
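Review bot: The rename/copy/drop sequence is unnecessary on MySQL and creates a window in which a failure leaves the deployment without its `webauthn_devices` table: MySQL DDL is not transactional, so if the `CREATE TABLE` on line 3 fails — plausible here, because `UNIQUE KEY (kid)` over a VARCHAR(512) is 2048 bytes under utf8mb4 and exceeds the 767-byte index-prefix limit on tables using the COMPACT/REDUNDANT row format or servers without large index prefixes — the RENAME on line 1 has already happened, the live table is gone, and a retry fails on the RENAME itself. A single in-place statement, `ALTER TABLE webauthn_devices MODIFY kid VARCHAR(512) NOT NULL;`, widens the column while keeping the data, indexes and AUTO_INCREMENT counter where they are, and surfaces the key-length problem without first renaming anything. The table's character set is not visible in this hunk, so the exact index width should be confirmed against the deployment defaults rather than assumed.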
@@ -0,0 +1,26 @@
+ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0003_webauthn_devices;
+
+CREATE TABLE IF NOT EXISTS webauthn_devices (
+ id SERIAL,
+ created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ last_used_at TIMESTAMP WITH TIME ZONE NULL DEFAULT NULL,
+ rpid TEXT,
+ username VARCHAR(100) NOT NULL,
+ description VARCHAR(30) NOT NULL DEFAULT 'Primary',
+ kid VARCHAR(512) NOT NULL,
+ public_key BYTEA NOT NULL,
+ attestation_type VARCHAR(32),
+ transport VARCHAR(20) DEFAULT '',
+ aaguid CHAR(36) NOT NULL,
+ sign_count INTEGER DEFAULT 0,
+ clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
+ PRIMARY KEY (id),
+ UNIQUE (username, description),
+ UNIQUE (kid)
+);
+
+INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
+SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
+FROM _bkp_UP_V0003_webauthn_devices;
+
+DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
diff --git a/internal/storage/migrations/V0003.WebauthnKIDLength.sqlite.up.sql b/internal/storage/migrations/V0003.WebauthnKIDLength.sqlite.up.sql
new file mode 100644
index 00000000..52c34b3d
--- /dev/null
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.sqlite.up.sql
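Review bot: The INSERT ... SELECT copies rows with their explicit `id` values, but explicit inserts do not advance a PostgreSQL sequence, so the new `id SERIAL` column's sequence still starts at 1 and the first device registered after this migration collides on the primary key with any migrated row that already holds that id — a registration failure that only appears for users who had devices before the upgrade. Either add `SELECT setval(pg_get_serial_sequence('webauthn_devices', 'id'), COALESCE(MAX(id), 1), MAX(id) IS NOT NULL) FROM webauthn_devices;` before the final DROP, or replace the whole rename/copy/drop with the in-place and transactional `ALTER TABLE webauthn_devices ALTER COLUMN kid TYPE VARCHAR(512);`, which keeps the existing sequence, constraints and index names. Note too that the renamed table keeps ownership of `webauthn_devices_id_seq` until it is dropped, so the new SERIAL column is attached to a differently named sequence (PostgreSQL picks a free name such as `webauthn_devices_id_seq1`), which any tooling that refers to the sequence by name would notice.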
@@ -0,0 +1,26 @@
+ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0003_webauthn_devices;
+
+CREATE TABLE IF NOT EXISTS webauthn_devices (
+ id INTEGER,
+ created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ last_used_at TIMESTAMP NULL DEFAULT NULL,
+ rpid TEXT,
+ username VARCHAR(100) NOT NULL,
+ description VARCHAR(30) NOT NULL DEFAULT 'Primary',
+ kid VARCHAR(512) NOT NULL,
+ public_key BLOB NOT NULL,
+ attestation_type VARCHAR(32),
+ transport VARCHAR(20) DEFAULT '',
+ aaguid CHAR(36) NOT NULL,
+ sign_count INTEGER DEFAULT 0,
+ clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
+ PRIMARY KEY (id),
+ UNIQUE (username, description),
+ UNIQUE (kid)
+);
+
+INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
+SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
+FROM _bkp_UP_V0003_webauthn_devices;
+
+DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
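Review bot: `CREATE TABLE IF NOT EXISTS` on line 3 hides a failure rather than preventing one: after the RENAME on line 1 the name is guaranteed free, so the clause only matters if a `webauthn_devices` table is somehow still present, and then the INSERT copies every row into that leftover table and the DROP discards the backup, leaving whatever definition the leftover had while the migration is recorded as applied. A plain `CREATE TABLE webauthn_devices (` makes that case fail before any data moves. It is also worth a header comment that this rebuild exists for declared-schema consistency rather than behaviour, since SQLite does not enforce the length in `VARCHAR(N)` and so never rejected long credential IDs under V2, e.g. `-- SQLite cannot change a column type in place and ignores VARCHAR lengths; rebuild only so the declared schema matches the other backends.`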