Add name to foreign keys #659

Merged
merged 4 commits into from
Oct 24, 2023
Merged
Expand Up @@ -18,7 +18,7 @@
import static java.lang.String.format;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
Expand Down Expand Up @@ -89,7 +89,7 @@ public void approveGroupRequestAsAdmin() throws Exception {
// @formatter:on

GroupRequestDto result = mapper.readValue(response, GroupRequestDto.class);
assertThat(result.getLastUpdateTime(), greaterThan(result.getCreationTime()));
assertThat(result.getLastUpdateTime(), greaterThanOrEqualTo(result.getCreationTime()));

int mailCount = notificationService.countPendingNotifications();
assertThat(mailCount, equalTo(1));
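Review bot: With `greaterThanOrEqualTo`, the timestamp check in approveGroupRequestAsAdmin still passes when approval leaves `getLastUpdateTime()` unchanged, assuming an untouched value equals the creation time, so it no longer shows that the approval updated the record. If the strict comparison was dropped because both timestamps can land on the same clock tick, record that next to the assertion, e.g. `// >= because creation and approval may share a timestamp at the stored resolution`. The same relaxation is applied in rejectGroupRequestAsAdmin in the next file section. Both test bodies start outside their hunks, so other assertions on the approved or rejected state may already exist there.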
Expand Up @@ -16,11 +16,11 @@
package it.infn.mw.iam.test.api.requests;

import static java.lang.String.format;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
Expand Down Expand Up @@ -95,7 +95,7 @@ public void rejectGroupRequestAsAdmin() throws Exception {
.getContentAsString();
// @formatter:on
GroupRequestDto result = mapper.readValue(response, GroupRequestDto.class);
assertThat(result.getLastUpdateTime(), greaterThan(result.getCreationTime()));
assertThat(result.getLastUpdateTime(), greaterThanOrEqualTo(result.getCreationTime()));

int mailCount = notificationService.countPendingNotifications();
assertThat(mailCount, equalTo(1));
Expand Up @@ -127,7 +127,7 @@ public void testClientRegistrationAccessTokenWorks() throws Exception {
mvc
.perform(get(registrationUri).contentType(APPLICATION_JSON)
.header("Authorization", "Bearer " + rat))
.andExpect(status().isNotFound());
.andExpect(status().isUnauthorized());
}

@Test
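Review bot: The final GET in testClientRegistrationAccessTokenWorks has no comment explaining why a request carrying the registration access token should now be answered with `isUnauthorized()`. The page lists `isNotFound()` just before it, which appears to be the previous expectation. If the reason is that the token is now deleted together with its client by the ON DELETE CASCADE constraints in this change, say so at the assertion, e.g. `// the RAT is removed with its client, so authentication fails before the client lookup`. The steps leading up to this request are outside the hunk, so that explanation is inferred from the migration rather than read from the test.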
Expand Up @@ -15,17 +15,23 @@
*/
package it.infn.mw.iam.test.repository;

import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.hasSize;

import java.util.Calendar;
import java.util.Date;

import org.apache.commons.lang.time.DateUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.impl.DefaultOAuth2ProviderTokenService;
import org.springframework.beans.factory.annotation.Autowired;
Expand Down Expand Up @@ -59,12 +65,21 @@ public class IamTokenRepositoryTests {
@Autowired
private IamOAuthRefreshTokenRepository refreshTokenRepo;

@Autowired
private AuthenticationHolderRepository authenticationHolderRepo;

@Autowired
private ClientDetailsEntityService clientDetailsService;

@Autowired
private DefaultOAuth2ProviderTokenService tokenService;

@Before
public void setup() {
accessTokenRepo.deleteAll();
refreshTokenRepo.deleteAll();
}

private OAuth2Authentication oauth2Authentication(ClientDetailsEntity client, String username) {

String[] scopes = {};
Expand Down Expand Up @@ -164,4 +179,36 @@ public void testRepositoryDoesntRelyOnDbTime() {
assertThat(refreshTokenRepo.findValidRefreshTokensForUser(TEST_347_USER, now), hasSize(1));
}

@Test
public void testTokenNoCascadeDeletion() {
OAuth2AccessTokenEntity at = buildAccessToken(loadTestClient(), TEST_347_USER);
OAuth2RefreshTokenEntity rt = at.getRefreshToken();
AuthenticationHolderEntity ah = at.getAuthenticationHolder();
accessTokenRepo.delete(at);
assertThat(refreshTokenRepo.findById(rt.getId()).isEmpty(), is(false));
assertThat(authenticationHolderRepo.getById(ah.getId()) != null, is(true));
refreshTokenRepo.delete(rt);
assertThat(refreshTokenRepo.findById(rt.getId()).isEmpty(), is(true));
assertThat(authenticationHolderRepo.getById(ah.getId()) != null, is(true));
authenticationHolderRepo.remove(ah);
assertThat(authenticationHolderRepo.getById(ah.getId()) != null, is(false));
}

@Test
public void testTokenCascadeDeletion() {
OAuth2AccessTokenEntity at = buildAccessToken(loadTestClient(), TEST_347_USER);
accessTokenRepo.save(at);
OAuth2RefreshTokenEntity rt = at.getRefreshToken();
refreshTokenRepo.save(rt);
AuthenticationHolderEntity ah = at.getAuthenticationHolder();
authenticationHolderRepo.save(ah);
assertThat(accessTokenRepo.findAll()).hasSize(1);
assertThat(refreshTokenRepo.findAll()).hasSize(1);
assertThat(authenticationHolderRepo.getById(ah.getId()) != null, is(true));
authenticationHolderRepo.remove(ah);
assertThat(accessTokenRepo.findAll()).isEmpty();
assertThat(refreshTokenRepo.findAll()).isEmpty();
assertThat(authenticationHolderRepo.getById(ah.getId()) != null, is(false));
}

}
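Review bot: The authentication-holder checks in testTokenNoCascadeDeletion and testTokenCascadeDeletion compare against null and then match on a boolean, so a failure reports only that `true` was expected. `assertThat(authenticationHolderRepo.getById(ah.getId()), notNullValue());` before the removal and `nullValue()` after it would name the missing or leftover object. The file now also statically imports `assertThat` from both AssertJ and Hamcrest and uses the two styles in the same test, which makes it harder to see which overload a line resolves to; one library per test reads more clearly. Each test would also benefit from a one-line comment stating the rule it pins, e.g. `// deleting an access token must leave its refresh token and authentication holder in place`.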
Expand Up @@ -3,87 +3,95 @@
DELETE from token_scope where owner_id not in (select id from access_token);
ALTER TABLE token_scope ALTER COLUMN owner_id SET NOT NULL;
ALTER TABLE token_scope ALTER COLUMN scope SET NOT NULL;
ALTER TABLE token_scope ADD FOREIGN KEY (owner_id) REFERENCES access_token (id) ON DELETE CASCADE;
ALTER TABLE token_scope ADD CONSTRAINT FK_token_scope_owner_id FOREIGN KEY (owner_id) REFERENCES access_token (id) ON DELETE CASCADE;

-- CLIENT_DETAILS related TABLES

DELETE FROM client_request_uri WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_request_uri ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_request_uri ADD CONSTRAINT FK_client_request_uri_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM client_post_logout_redirect_uri WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_post_logout_redirect_uri ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_post_logout_redirect_uri ADD CONSTRAINT FK_client_post_logout_redirect_uri_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM client_default_acr_value WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_default_acr_value ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_default_acr_value ADD CONSTRAINT FK_client_default_acr_value_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM client_contact WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_contact ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_contact ADD CONSTRAINT FK_client_contact_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM client_redirect_uri WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_redirect_uri ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_redirect_uri ADD CONSTRAINT FK_client_redirect_uri_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM client_claims_redirect_uri WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_claims_redirect_uri ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_claims_redirect_uri ADD CONSTRAINT FK_client_claims_redirect_uri_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM client_scope WHERE owner_id NOT IN (SELECT id FROM client_details);
ALTER TABLE client_scope ADD FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE client_scope ADD CONSTRAINT FK_client_scope_owner_id FOREIGN KEY (owner_id) REFERENCES client_details (id) ON DELETE CASCADE;

-- AUTHENTICATION HOLDER and related

DELETE FROM authentication_holder_scope WHERE owner_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authentication_holder_scope ADD FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder_scope ADD CONSTRAINT FK_authentication_holder_scope_owner_id FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

DELETE FROM authentication_holder_response_type WHERE owner_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authentication_holder_response_type ADD FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder_response_type ADD CONSTRAINT FK_authentication_holder_response_type_owner_id FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

DELETE FROM authentication_holder_resource_id WHERE owner_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authentication_holder_resource_id ADD FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder_resource_id ADD CONSTRAINT FK_authentication_holder_resource_id_owner_id FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

DELETE FROM authentication_holder_request_parameter WHERE owner_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authentication_holder_request_parameter ADD FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder_request_parameter ADD CONSTRAINT FK_authentication_holder_request_parameter_owner_id FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

DELETE FROM authentication_holder_extension WHERE owner_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authentication_holder_extension ADD FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder_extension ADD CONSTRAINT FK_authentication_holder_extension_owner_id FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

DELETE FROM authentication_holder_authority WHERE owner_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authentication_holder_authority ADD FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder_authority ADD CONSTRAINT FK_authentication_holder_authority_owner_id FOREIGN KEY (owner_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

DELETE FROM authentication_holder
WHERE id NOT IN (SELECT auth_holder_id FROM access_token)
AND id NOT IN (SELECT auth_holder_id FROM refresh_token)
AND id NOT IN (SELECT auth_holder_id FROM authorization_code);

DELETE FROM authentication_holder WHERE user_auth_id NOT IN (SELECT id FROM saved_user_auth);
ALTER TABLE authentication_holder ADD FOREIGN KEY (user_auth_id) REFERENCES saved_user_auth (id) ON DELETE CASCADE;
ALTER TABLE authentication_holder ADD CONSTRAINT FK_authentication_holder_user_auth_id FOREIGN KEY (user_auth_id) REFERENCES saved_user_auth (id) ON DELETE CASCADE;
DELETE FROM authentication_holder WHERE client_id NOT IN (SELECT client_id FROM client_details);
ALTER TABLE authentication_holder ADD FOREIGN KEY (client_id) REFERENCES client_details (client_id) ON UPDATE CASCADE ON DELETE CASCADE;
ALTER TABLE authentication_holder ADD CONSTRAINT FK_authentication_holder_client_id FOREIGN KEY (client_id) REFERENCES client_details (client_id) ON UPDATE CASCADE ON DELETE CASCADE;

-- ACCESS TOKEN TABLE and related

DELETE FROM access_token_permissions WHERE access_token_id NOT IN (SELECT id FROM access_token);
DELETE FROM access_token_permissions WHERE permission_id NOT IN (SELECT id FROM permission);

ALTER TABLE access_token_permissions ADD PRIMARY KEY (access_token_id, permission_id);
ALTER TABLE access_token_permissions ADD FOREIGN KEY (access_token_id) REFERENCES access_token (id) ON DELETE CASCADE;
ALTER TABLE access_token_permissions ADD FOREIGN KEY (permission_id) REFERENCES permission (id) ON DELETE CASCADE;
ALTER TABLE access_token_permissions ADD CONSTRAINT FK_access_token_permissions_access_token_id FOREIGN KEY (access_token_id) REFERENCES access_token (id) ON DELETE CASCADE;
ALTER TABLE access_token_permissions ADD CONSTRAINT FK_access_token_permissions_permission_id FOREIGN KEY (permission_id) REFERENCES permission (id) ON DELETE CASCADE;

DELETE FROM access_token WHERE refresh_token_id NOT IN (SELECT id FROM refresh_token);
DELETE FROM access_token WHERE client_id NOT IN (SELECT id FROM client_details);
DELETE FROM access_token WHERE auth_holder_id NOT IN (SELECT id FROM authentication_holder);

ALTER TABLE access_token ADD FOREIGN KEY (refresh_token_id) REFERENCES refresh_token (id) ON DELETE SET NULL;
ALTER TABLE access_token ADD FOREIGN KEY (client_id) REFERENCES client_details (id) ON DELETE SET NULL;
ALTER TABLE access_token ADD FOREIGN KEY (auth_holder_id) REFERENCES authentication_holder (id) ON DELETE SET NULL;
ALTER TABLE access_token ADD CONSTRAINT FK_access_token_refresh_token_id FOREIGN KEY (refresh_token_id) REFERENCES refresh_token (id) ON DELETE CASCADE;
ALTER TABLE access_token ADD CONSTRAINT FK_access_token_client_id FOREIGN KEY (client_id) REFERENCES client_details (id) ON DELETE CASCADE;
ALTER TABLE access_token ADD CONSTRAINT FK_access_token_auth_holder_id FOREIGN KEY (auth_holder_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

-- REFRESH TOKEN

DELETE FROM refresh_token WHERE client_id NOT IN (SELECT id FROM client_details);
ALTER TABLE refresh_token ADD FOREIGN KEY (client_id) REFERENCES client_details (id) ON DELETE SET NULL;
ALTER TABLE refresh_token ADD CONSTRAINT FK_refresh_token_client_id FOREIGN KEY (client_id) REFERENCES client_details (id) ON DELETE CASCADE;

DELETE FROM refresh_token WHERE auth_holder_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE refresh_token ADD CONSTRAINT FK_refresh_token_auth_holder_id FOREIGN KEY (auth_holder_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

-- AUTHORIZATION CODE

DELETE FROM authorization_code WHERE auth_holder_id NOT IN (SELECT id FROM authentication_holder);
ALTER TABLE authorization_code ADD CONSTRAINT FK_authorization_code_auth_holder_id FOREIGN KEY (auth_holder_id) REFERENCES authentication_holder (id) ON DELETE CASCADE;

-- APPROVED SITE

DELETE FROM approved_site WHERE client_id NOT IN (SELECT id FROM client_details);
ALTER TABLE approved_site ADD FOREIGN KEY (client_id) REFERENCES client_details (client_id) ON UPDATE CASCADE ON DELETE SET NULL;
ALTER TABLE approved_site ADD CONSTRAINT FK_approved_site_client_id FOREIGN KEY (client_id) REFERENCES client_details (client_id) ON UPDATE CASCADE ON DELETE CASCADE;

DELETE FROM approved_site_scope WHERE owner_id NOT IN (SELECT id FROM approved_site);
ALTER TABLE approved_site_scope ADD FOREIGN KEY (owner_id) REFERENCES approved_site (id) ON DELETE CASCADE;
ALTER TABLE approved_site_scope ADD CONSTRAINT FK_approved_site_scope_owner_id FOREIGN KEY (owner_id) REFERENCES approved_site (id) ON DELETE CASCADE;
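Review bot: The cleanup before the approved_site constraint filters on a different column than the constraint references: the DELETE keeps rows whose `client_id` appears in `client_details.id`, while FK_approved_site_client_id references `client_details (client_id)`. The authentication_holder cleanup earlier in the script uses `SELECT client_id FROM client_details` for the same kind of reference, so this one should probably read `DELETE FROM approved_site WHERE client_id NOT IN (SELECT client_id FROM client_details);`. As written, it can delete approved sites that belong to existing clients and leave orphans that make the ALTER fail, depending on how the two columns compare. The column types are not visible here, so confirm against the schema. Separately, several constraints on access_token, refresh_token and approved_site change from ON DELETE SET NULL to ON DELETE CASCADE, which goes beyond naming the keys and should be stated in the description.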