fix: UAA delete user endpoint returns false error during upgrade cana…

…ry deployment - fixes #2789 (see bug root cause in the issue) - by bringing back the MFA-related tables exactly as they were [#187240345]
cloudfoundry · Mar 18, 2024 · d702099 · d702099
1 parent 03819dc
commit d702099
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -187,6 +187,7 @@ List of relations
  public | groups                        | table    | root
  public | identity_provider             | table    | root
  public | identity_zone                 | table    | root
+ public | mfa_providers                 | table    | root
  public | oauth_client_details          | table    | root
  public | oauth_code                    | table    | root
  public | oauth_code_id_seq             | sequence | root
@@ -196,6 +197,7 @@ List of relations
  public | sec_audit_id_seq              | sequence | root
  public | spring_session                | table    | root
  public | spring_session_attributes     | table    | root
+ public | user_google_mfa_credentials   | table    | root
  public | user_info                     | table    | root
  public | users                         | table    | root
 (23 rows)

diff --git a/...src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_108__Restore_MFA_Tables.sql b/...src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_108__Restore_MFA_Tables.sql
@@ -0,0 +1,27 @@
+-- These tables were previously dropped in https://github.com/cloudfoundry/uaa/pull/2717
+-- Restoring them here due to https://github.com/cloudfoundry/uaa/issues/2789
+-- Can consider dropping these again in the future (e.g. at UAA V78/79, when most users
+-- will no longer experience issue #2789)
+CREATE TABLE mfa_providers (
+  id CHAR(36) NOT NULL PRIMARY KEY,
+  created TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+  lastmodified TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+  identity_zone_id varchar(36) NOT NULL,
+  name varchar(255) NOT NULL,
+  type varchar(255) NOT NULL,
+  config LONGVARCHAR
+);
+
+CREATE UNIQUE INDEX idx_mfa_unique_name ON mfa_providers (identity_zone_id,name);
+
+CREATE TABLE user_google_mfa_credentials (
+  user_id VARCHAR(36) NOT NULL,
+  secret_key VARCHAR(255) NOT NULL,
+  validation_code INTEGER,
+  scratch_codes VARCHAR(255) NOT NULL,
+  mfa_provider_id CHAR(36) NOT NULL,
+  zone_id CHAR(36) NOT NULL,
+  encryption_key_label VARCHAR(255),
+  encrypted_validation_code VARCHAR(255) NULL,
+  PRIMARY KEY (user_id,mfa_provider_id)
+);
diff --git a/.../src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_108__Restore_MFA_Tables.sql b/.../src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_108__Restore_MFA_Tables.sql
@@ -0,0 +1,27 @@
+-- These tables were previously dropped in https://github.com/cloudfoundry/uaa/pull/2717
+-- Restoring them here due to https://github.com/cloudfoundry/uaa/issues/2789
+-- Can consider dropping these again in the future (e.g. at UAA V78/79, when most users
+-- will no longer experience issue #2789)
+CREATE TABLE `mfa_providers` IF NOT EXISTS (
+  `id` varchar(36) NOT NULL,
+  `created` TIMESTAMP default current_timestamp NOT NULL,
+  `lastModified` TIMESTAMP null,
+  `identity_zone_id` varchar(36) NOT NULL,
+  `name` varchar(255) NOT NULL,
+  `type` varchar(255) NOT NULL,
+  `config` longtext,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `idx_mfa_unique_name` (`identity_zone_id`,`name`)
+);
+
+CREATE TABLE `user_google_mfa_credentials` IF NOT EXISTS (
+  `user_id` VARCHAR(36) NOT NULL,
+  `secret_key` VARCHAR(255) NOT NULL,
+  `validation_code` INTEGER NULL,
+  `scratch_codes` VARCHAR(255) NOT NULL,
+  `mfa_provider_id` CHAR(36) NOT NULL,
+  `zone_id` CHAR(36) NOT NULL,
+  `encryption_key_label` VARCHAR(255),
+  `encrypted_validation_code` VARCHAR(255) NULL;
+  PRIMARY KEY (`user_id`,`mfa_provider_id`)
+);
diff --git a/...main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_108__Restore_MFA_Tables.sql b/...main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_108__Restore_MFA_Tables.sql
@@ -0,0 +1,28 @@
+-- These tables were previously dropped in https://github.com/cloudfoundry/uaa/pull/2717
+-- Restoring them here due to https://github.com/cloudfoundry/uaa/issues/2789
+-- Can consider dropping these again in the future (e.g. at UAA V78/79, when most users
+-- will no longer experience issue #2789)
+CREATE TABLE mfa_providers IF NOT EXISTS (
+  id VARCHAR(36) NOT NULL PRIMARY KEY,
+  created TIMESTAMP default current_timestamp NOT NULL,
+  lastModified TIMESTAMP null,
+  identity_zone_id VARCHAR(36) NOT NULL,
+  name VARCHAR(255) NOT NULL,
+  type VARCHAR(255) NOT NULL,
+  config TEXT
+);
+
+CREATE UNIQUE INDEX idx_mfa_unique_name ON mfa_providers (identity_zone_id,LOWER(name));
+
+CREATE TABLE user_google_mfa_credentials IF NOT EXISTS (
+  user_id VARCHAR(36) NOT NULL    PRIMARY KEY,
+  secret_key VARCHAR(255) NOT NULL,
+  validation_code INTEGER,
+  scratch_codes VARCHAR(255) NOT NULL,
+  mfa_provider_id CHAR(36) NOT NULL,
+  zone_id CHAR(36) NOT NULL,
+  encryption_key_label VARCHAR(255),
+  encrypted_validation_code VARCHAR(255) NULL
+);
+
+ALTER TABLE user_google_mfa_credentials ADD PRIMARY KEY (user_id,mfa_provider_id);