From 861bcc898f7ff50651a2c6814301c7d82e4daa2a Mon Sep 17 00:00:00 2001 From: James Elliott Date: Mon, 25 Apr 2022 17:53:38 +1000 Subject: [PATCH] refactor: ensure bad consent sessions and identifiers are deleted (#3241) --- .../storage/migrations/V0005.ConsentSubjectNULL.mysql.up.sql | 2 ++ .../migrations/V0005.ConsentSubjectNULL.postgres.up.sql | 2 ++ .../storage/migrations/V0005.ConsentSubjectNULL.sqlite.up.sql | 3 +++ 3 files changed, 7 insertions(+) diff --git a/internal/storage/migrations/V0005.ConsentSubjectNULL.mysql.up.sql b/internal/storage/migrations/V0005.ConsentSubjectNULL.mysql.up.sql index eac4de80..657db06b 100644 --- a/internal/storage/migrations/V0005.ConsentSubjectNULL.mysql.up.sql +++ b/internal/storage/migrations/V0005.ConsentSubjectNULL.mysql.up.sql @@ -1,3 +1,5 @@ +DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect')); +DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'); ALTER TABLE oauth2_consent_session MODIFY subject CHAR(36) NULL DEFAULT NULL; ALTER TABLE oauth2_consent_session DROP FOREIGN KEY oauth2_consent_subject_fkey, diff --git a/internal/storage/migrations/V0005.ConsentSubjectNULL.postgres.up.sql b/internal/storage/migrations/V0005.ConsentSubjectNULL.postgres.up.sql index 0645384c..50cc4d22 100644 --- a/internal/storage/migrations/V0005.ConsentSubjectNULL.postgres.up.sql +++ b/internal/storage/migrations/V0005.ConsentSubjectNULL.postgres.up.sql @@ -1,3 +1,5 @@ +DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect')); +DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'); ALTER TABLE oauth2_consent_session ALTER COLUMN subject DROP NOT NULL; ALTER TABLE oauth2_consent_session ALTER COLUMN subject SET DEFAULT NULL; ALTER TABLE oauth2_consent_session RENAME CONSTRAINT oauth2_consent_subject_fkey TO oauth2_consent_session_subject_fkey; diff --git a/internal/storage/migrations/V0005.ConsentSubjectNULL.sqlite.up.sql b/internal/storage/migrations/V0005.ConsentSubjectNULL.sqlite.up.sql index 3526a0c2..8f0a08f0 100644 --- a/internal/storage/migrations/V0005.ConsentSubjectNULL.sqlite.up.sql +++ b/internal/storage/migrations/V0005.ConsentSubjectNULL.sqlite.up.sql @@ -2,6 +2,9 @@ PRAGMA foreign_keys=off; BEGIN TRANSACTION; +DELETE FROM oauth2_consent_session WHERE subject IN(SELECT identifier FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect')); +DELETE FROM user_opaque_identifier WHERE username = '' AND service IN('openid', 'openid_connect'); + ALTER TABLE oauth2_consent_session RENAME TO _bkp_UP_V0005_oauth2_consent_session; CREATE TABLE IF NOT EXISTS oauth2_consent_session (