refactor: exclude id from sqlite3 migration (#3242)

* refactor: exclude id from sqlite3 table recreate

* docs: add migration docs
James Elliott 2022-04-25 21:11:56 +10:00 committed by GitHub
parent 06ba312c28
commit 555746e771
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 19 deletions


@ -18,10 +18,11 @@ This means all Authelia versions between two schema versions use the first schem
For example for version pre1, it is used for all versions between it and the version 1 schema, so 4.0.0 to 4.32.2. In For example for version pre1, it is used for all versions between it and the version 1 schema, so 4.0.0 to 4.32.2. In
this instance if you wanted to downgrade to pre1 you would need to use an Authelia binary with version 4.33.0 or higher. this instance if you wanted to downgrade to pre1 you would need to use an Authelia binary with version 4.33.0 or higher.
| Schema Version | Authelia Version | Notes | | Schema Version | Authelia Version | Notes |
|:--------------:|:----------------:|:-------------------------------------------------------------------------------------------------:| |:--------------:|:----------------:|:--------------------------------------------------------------------------------------------------:|
| pre1 | 4.0.0 | Downgrading to this version requires you use the --pre1 flag | | pre1 | 4.0.0 | Downgrading to this version requires you use the --pre1 flag |
| 1 | 4.33.0 | Initial migration managed version | | 1 | 4.33.0 | Initial migration managed version |
| 2 | 4.34.0 | Webauthn - added webauthn_devices table, altered totp_config to include device created/used dates | | 2 | 4.34.0 | Webauthn - added webauthn_devices table, altered totp_config to include device created/used dates |
| 3 | 4.34.2 | Webauthn - fix V2 migration kid column length and provide migration path for anyone on V2 | | 3 | 4.34.2 | Webauthn - fix V2 migration kid column length and provide migration path for anyone on V2 |
| 4 | 4.35.0 | Added OpenID Connect storage tables and opaque user identifier tables | | 4 | 4.35.0 | Added OpenID Connect storage tables and opaque user identifier tables |
| 5 | 4.35.1 | Fixed the oauth2_consent_session table to accept NULL subjects for users who are not yet signed in |


@ -1,5 +1,6 @@
DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect')); DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'));
DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'); DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect');
DELETE FROM user_opaque_identifier WHERE service <> 'openid';
ALTER TABLE oauth2_consent_session MODIFY subject CHAR(36) NULL DEFAULT NULL; ALTER TABLE oauth2_consent_session MODIFY subject CHAR(36) NULL DEFAULT NULL;
ALTER TABLE oauth2_consent_session ALTER TABLE oauth2_consent_session
DROP FOREIGN KEY oauth2_consent_subject_fkey, DROP FOREIGN KEY oauth2_consent_subject_fkey,
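Review bot: The added `DELETE FROM user_opaque_identifier WHERE service <> 'openid';` removes identifiers for every other service regardless of username, while the consent-session cleanup above it only covers rows with `username = ''`. The session tables store these identifiers as `subject`, and the SQLite variant shows that reference as `ON DELETE RESTRICT`. If a session row still points at one of the deleted identifiers, the statement would presumably abort the migration where the constraint is enforced and leave a dangling subject where it is not; this is inferred, because the table definitions are outside the hunks. Consider first deleting dependent session rows with the same predicate, and record the intent with a comment such as `-- intentionally removes opaque identifiers for every service except 'openid'`. The same line is added to the PostgreSQL and SQLite migrations, and the `ALTER TABLE` that closes this hunk continues outside it.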


@ -1,5 +1,6 @@
DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect')); DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'));
DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'); DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect');
DELETE FROM user_opaque_identifier WHERE service <> 'openid';
ALTER TABLE oauth2_consent_session ALTER COLUMN subject DROP NOT NULL; ALTER TABLE oauth2_consent_session ALTER COLUMN subject DROP NOT NULL;
ALTER TABLE oauth2_consent_session ALTER COLUMN subject SET DEFAULT NULL; ALTER TABLE oauth2_consent_session ALTER COLUMN subject SET DEFAULT NULL;
ALTER TABLE oauth2_consent_session RENAME CONSTRAINT oauth2_consent_subject_fkey TO oauth2_consent_session_subject_fkey; ALTER TABLE oauth2_consent_session RENAME CONSTRAINT oauth2_consent_subject_fkey TO oauth2_consent_session_subject_fkey;


@ -4,6 +4,7 @@ BEGIN TRANSACTION;
DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect')); DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'));
DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'); DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect');
DELETE FROM user_opaque_identifier WHERE service <> 'openid';
ALTER TABLE oauth2_consent_session RENAME TO _bkp_UP_V0005_oauth2_consent_session; ALTER TABLE oauth2_consent_session RENAME TO _bkp_UP_V0005_oauth2_consent_session;
@ -28,8 +29,8 @@ CREATE TABLE IF NOT EXISTS oauth2_consent_session (
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
); );
INSERT INTO oauth2_consent_session (id, challenge_id, client_id, subject, authorized, granted, requested_at, responded_at, expires_at, form_data, requested_scopes, granted_scopes, requested_audience, granted_audience) INSERT INTO oauth2_consent_session (challenge_id, client_id, subject, authorized, granted, requested_at, responded_at, expires_at, form_data, requested_scopes, granted_scopes, requested_audience, granted_audience)
SELECT id, challenge_id, client_id, subject, authorized, granted, requested_at, responded_at, expires_at, form_data, requested_scopes, granted_scopes, requested_audience, granted_audience SELECT challenge_id, client_id, subject, authorized, granted, requested_at, responded_at, expires_at, form_data, requested_scopes, granted_scopes, requested_audience, granted_audience
FROM _bkp_UP_V0005_oauth2_consent_session FROM _bkp_UP_V0005_oauth2_consent_session
ORDER BY id; ORDER BY id;
@ -66,8 +67,8 @@ CREATE TABLE IF NOT EXISTS oauth2_authorization_code_session (
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
); );
INSERT INTO oauth2_authorization_code_session (id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data) INSERT INTO oauth2_authorization_code_session (challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data)
SELECT id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data SELECT challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data
FROM _bkp_UP_V0005_oauth2_authorization_code_session FROM _bkp_UP_V0005_oauth2_authorization_code_session
ORDER BY id; ORDER BY id;
@ -108,8 +109,8 @@ CREATE TABLE IF NOT EXISTS oauth2_access_token_session (
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
); );
INSERT INTO oauth2_access_token_session (id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data) INSERT INTO oauth2_access_token_session (challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data)
SELECT id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data SELECT challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data
FROM _bkp_UP_V0005_oauth2_access_token_session FROM _bkp_UP_V0005_oauth2_access_token_session
ORDER BY id; ORDER BY id;
@ -150,8 +151,8 @@ CREATE TABLE IF NOT EXISTS oauth2_refresh_token_session (
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
); );
INSERT INTO oauth2_refresh_token_session (id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data) INSERT INTO oauth2_refresh_token_session (challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data)
SELECT id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data SELECT challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data
FROM _bkp_UP_V0005_oauth2_refresh_token_session FROM _bkp_UP_V0005_oauth2_refresh_token_session
ORDER BY id; ORDER BY id;
@ -192,8 +193,8 @@ CREATE TABLE IF NOT EXISTS oauth2_pkce_request_session (
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
); );
INSERT INTO oauth2_pkce_request_session (id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data) INSERT INTO oauth2_pkce_request_session (challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data)
SELECT id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data SELECT challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data
FROM _bkp_UP_V0005_oauth2_pkce_request_session FROM _bkp_UP_V0005_oauth2_pkce_request_session
ORDER BY id; ORDER BY id;
@ -234,8 +235,8 @@ CREATE TABLE IF NOT EXISTS oauth2_openid_connect_session (
REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT REFERENCES user_opaque_identifier(identifier) ON UPDATE RESTRICT ON DELETE RESTRICT
); );
INSERT INTO oauth2_openid_connect_session (id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data) INSERT INTO oauth2_openid_connect_session (challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data)
SELECT id, challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data SELECT challenge_id, request_id, client_id, signature, subject, requested_at, requested_scopes, granted_scopes, requested_audience, granted_audience, active, revoked, form_data, session_data
FROM _bkp_UP_V0005_oauth2_openid_connect_session FROM _bkp_UP_V0005_oauth2_openid_connect_session
ORDER BY id; ORDER BY id;
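Review bot: Dropping `id` from the six `INSERT ... SELECT` statements means the recreated tables no longer carry over the original id values. `ORDER BY id` keeps the relative row order, but if `id` is an auto-assigned integer key (its column definition is outside these hunks) any gap in the old sequence is closed and the values shift. That is safe only when nothing stores these ids. The visible foreign keys point at `user_opaque_identifier(identifier)`, so it is worth confirming that no other table or application cache refers to `oauth2_*_session.id`. A comment above the first INSERT, for example `-- id is omitted so it is reassigned on insert; no table references these ids`, would record that assumption for the next migration author.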