From b1725115e368adc800d64ba1a700e754f7ba15bf Mon Sep 17 00:00:00 2001 From: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Date: Tue, 29 Aug 2023 17:15:07 -0500 Subject: [PATCH] [SM-823] ApiKey table follow up (#3183) * dbo_future -> dbo * DbScripts_future -> DbScripts * Remove deprecated property * Move data_migration -> DbScripts --- .../Models/Data/ApiKeyDetails.cs | 2 - src/Identity/IdentityServer/ClientStore.cs | 5 --- .../ApiKey/ApiKey_Create.sql | 15 ++----- src/Sql/SecretsManager/dbo/Tables/ApiKey.sql | 1 - .../Stored Procedures/ApiKey_Create.sql | 42 ------------------- src/Sql/dbo_future/Tables/ApiKey.sql | 18 -------- ...8-10_00_ClientSecretHashDataMigration.sql} | 6 +-- .../2023-08-10_01_RemoveClientSecret.sql} | 4 +- 8 files changed, 8 insertions(+), 85 deletions(-) delete mode 100644 src/Sql/dbo_future/Stored Procedures/ApiKey_Create.sql delete mode 100644 src/Sql/dbo_future/Tables/ApiKey.sql rename util/Migrator/{DbScripts_data_migration/2023-05-16_00_ClientSecretHashDataMigration.sql => DbScripts/2023-08-10_00_ClientSecretHashDataMigration.sql} (88%) rename util/Migrator/{DbScripts_future/2023-06-FutureMigration.sql => DbScripts/2023-08-10_01_RemoveClientSecret.sql} (96%) diff --git a/src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs b/src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs index 2c8c3d4692..f8945e9610 100644 --- a/src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs +++ b/src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs @@ -4,8 +4,6 @@ namespace Bit.Core.SecretsManager.Models.Data; public class ApiKeyDetails : ApiKey { - public string ClientSecret { get; set; } // Deprecated as of 2023-05-17 - protected ApiKeyDetails() { } protected ApiKeyDetails(ApiKey apiKey) diff --git a/src/Identity/IdentityServer/ClientStore.cs b/src/Identity/IdentityServer/ClientStore.cs index f7987b9baf..e2fd33c9db 100644 --- a/src/Identity/IdentityServer/ClientStore.cs +++ b/src/Identity/IdentityServer/ClientStore.cs 
@@ -107,11 +107,6 @@ public class ClientStore : IClientStore break; } - if (string.IsNullOrEmpty(apiKey.ClientSecretHash)) - { - apiKey.ClientSecretHash = apiKey.ClientSecret.Sha256(); - } - var client = new Client { ClientId = clientId, diff --git a/src/Sql/SecretsManager/dbo/Stored Procedures/ApiKey/ApiKey_Create.sql b/src/Sql/SecretsManager/dbo/Stored Procedures/ApiKey/ApiKey_Create.sql index e72316ef49..e9440026a9 100644 --- a/src/Sql/SecretsManager/dbo/Stored Procedures/ApiKey/ApiKey_Create.sql +++ b/src/Sql/SecretsManager/dbo/Stored Procedures/ApiKey/ApiKey_Create.sql @@ -2,8 +2,7 @@ CREATE PROCEDURE [dbo].[ApiKey_Create] @Id UNIQUEIDENTIFIER OUTPUT, @ServiceAccountId UNIQUEIDENTIFIER, @Name VARCHAR(200), - @ClientSecret VARCHAR(30) = 'migrated', -- Deprecated as of 2023-05-17 - @ClientSecretHash VARCHAR(128) = NULL, + @ClientSecretHash VARCHAR(128), @Scope NVARCHAR(4000), @EncryptedPayload NVARCHAR(4000), @Key VARCHAR(MAX), @@ -14,18 +13,11 @@ AS BEGIN SET NOCOUNT ON - IF (@ClientSecretHash IS NULL) - BEGIN - DECLARE @hb VARBINARY(128) = HASHBYTES('SHA2_256', @ClientSecret); - SET @ClientSecretHash = CAST(N'' as xml).value('xs:base64Binary(sql:variable("@hb"))', 'VARCHAR(128)'); - END - - INSERT INTO [dbo].[ApiKey] + INSERT INTO [dbo].[ApiKey] ( [Id], [ServiceAccountId], [Name], - [ClientSecret], [ClientSecretHash], [Scope], [EncryptedPayload], @@ -34,12 +26,11 @@ BEGIN [CreationDate], [RevisionDate] ) - VALUES + VALUES ( @Id, @ServiceAccountId, @Name, - @ClientSecret, @ClientSecretHash, @Scope, @EncryptedPayload, diff --git a/src/Sql/SecretsManager/dbo/Tables/ApiKey.sql b/src/Sql/SecretsManager/dbo/Tables/ApiKey.sql index 5761d45e48..051339f3ad 100644 --- a/src/Sql/SecretsManager/dbo/Tables/ApiKey.sql +++ b/src/Sql/SecretsManager/dbo/Tables/ApiKey.sql 
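Review bot: In ApiKey_Create.sql, `@ClientSecretHash VARCHAR(128)` loses its default, but an explicit NULL is still accepted, because the Tables/ApiKey.sql hunk in this commit keeps `[ClientSecretHash] VARCHAR(128) NULL`. The ClientStore.cs hunk on this same line also removes the `string.IsNullOrEmpty(apiKey.ClientSecretHash)` fallback, so a row with a NULL or empty hash now flows into `new Client { ... }` unchanged. How the hash is consumed there lies outside the hunk, so the effect on secret validation should be confirmed. Consider tightening the column to `[ClientSecretHash] VARCHAR(128) NOT NULL` once the data migration has populated every row, or failing closed in ClientStore (reject the client) when the hash is empty.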
@@ -2,7 +2,6 @@ [Id] UNIQUEIDENTIFIER, [ServiceAccountId] UNIQUEIDENTIFIER NULL, [Name] VARCHAR(200) NOT NULL, - [ClientSecret] VARCHAR(30) NOT NULL, [ClientSecretHash] VARCHAR(128) NULL, [Scope] NVARCHAR (4000) NOT NULL, [EncryptedPayload] NVARCHAR (4000) NOT NULL, diff --git a/src/Sql/dbo_future/Stored Procedures/ApiKey_Create.sql b/src/Sql/dbo_future/Stored Procedures/ApiKey_Create.sql deleted file mode 100644 index 241881efdd..0000000000 --- a/src/Sql/dbo_future/Stored Procedures/ApiKey_Create.sql +++ /dev/null @@ -1,42 +0,0 @@ -CREATE PROCEDURE [dbo].[ApiKey_Create] - @Id UNIQUEIDENTIFIER OUTPUT, - @ServiceAccountId UNIQUEIDENTIFIER, - @Name VARCHAR(200), - @ClientSecretHash VARCHAR(128), - @Scope NVARCHAR(4000), - @EncryptedPayload NVARCHAR(4000), - @Key VARCHAR(MAX), - @ExpireAt DATETIME2(7), - @CreationDate DATETIME2(7), - @RevisionDate DATETIME2(7) -AS -BEGIN - SET NOCOUNT ON - - INSERT INTO [dbo].[ApiKey] - ( - [Id], - [ServiceAccountId], - [Name], - [ClientSecretHash], - [Scope], - [EncryptedPayload], - [Key], - [ExpireAt], - [CreationDate], - [RevisionDate] - ) - VALUES - ( - @Id, - @ServiceAccountId, - @Name, - @ClientSecretHash, - @Scope, - @EncryptedPayload, - @Key, - @ExpireAt, - @CreationDate, - @RevisionDate - ) -END diff --git a/src/Sql/dbo_future/Tables/ApiKey.sql b/src/Sql/dbo_future/Tables/ApiKey.sql deleted file mode 100644 index 70400d5ed4..0000000000 --- a/src/Sql/dbo_future/Tables/ApiKey.sql +++ /dev/null 
@@ -1,18 +0,0 @@ -CREATE TABLE [dbo].[ApiKey] ( - [Id] UNIQUEIDENTIFIER, - [ServiceAccountId] UNIQUEIDENTIFIER NULL, - [Name] VARCHAR(200) NOT NULL, - [ClientSecretHash] VARCHAR(128) NULL, - [Scope] NVARCHAR (4000) NOT NULL, - [EncryptedPayload] NVARCHAR (4000) NOT NULL, - [Key] VARCHAR (MAX) NOT NULL, - [ExpireAt] DATETIME2(7) NULL, - [CreationDate] DATETIME2(7) NOT NULL, - [RevisionDate] DATETIME2(7) NOT NULL, - CONSTRAINT [PK_ApiKey] PRIMARY KEY CLUSTERED ([Id] ASC), - CONSTRAINT [FK_ApiKey_ServiceAccountId] FOREIGN KEY ([ServiceAccountId]) REFERENCES [dbo].[ServiceAccount] ([Id]) -); - -GO -CREATE NONCLUSTERED INDEX [IX_ApiKey_ServiceAccountId] - ON [dbo].[ApiKey]([ServiceAccountId] ASC); diff --git a/util/Migrator/DbScripts_data_migration/2023-05-16_00_ClientSecretHashDataMigration.sql b/util/Migrator/DbScripts/2023-08-10_00_ClientSecretHashDataMigration.sql similarity index 88% rename from util/Migrator/DbScripts_data_migration/2023-05-16_00_ClientSecretHashDataMigration.sql rename to util/Migrator/DbScripts/2023-08-10_00_ClientSecretHashDataMigration.sql index 5d8261f930..66869d48b7 100644 --- a/util/Migrator/DbScripts_data_migration/2023-05-16_00_ClientSecretHashDataMigration.sql +++ b/util/Migrator/DbScripts/2023-08-10_00_ClientSecretHashDataMigration.sql @@ -1,7 +1,7 @@ /* This is the data migration script for the client secret hash updates. The initial migration util/Migrator/DbScripts/2023-05-16_00_ClientSecretHash.sql should be run prior. -The final migration is in util/Migrator/DbScripts_future/2023-06-FutureMigration.sql. +The final migration is in util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret */ IF COL_LENGTH('[dbo].[ApiKey]', 'ClientSecretHash') IS NOT NULL AND COL_LENGTH('[dbo].[ApiKey]', 'ClientSecret') IS NOT NULL BEGIN 
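Review bot: The rewritten header comment in 2023-08-10_00_ClientSecretHashDataMigration.sql names the final migration without its `.sql` extension, unlike the reference on the line above it and the renamed file itself. `The final migration is in util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret.sql.` would keep the path searchable. Both scripts now sit in DbScripts as a `_00`/`_01` pair, so the comment could also say that the data migration must complete before the follow-up script runs, presumably to ensure every `ClientSecretHash` is populated before `ClientSecret` is removed. The script body continues in the next hunk.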
@@ -9,7 +9,7 @@ BEGIN -- Add index IF NOT EXISTS(SELECT name FROM sys.indexes WHERE name = 'IX_ApiKey_ClientSecretHash') BEGIN - CREATE NONCLUSTERED INDEX [IX_ApiKey_ClientSecretHash] + CREATE NONCLUSTERED INDEX [IX_ApiKey_ClientSecretHash] ON [dbo].[ApiKey]([ClientSecretHash] ASC) WITH (ONLINE = ON) END @@ -30,7 +30,7 @@ BEGIN WHERE [ClientSecretHash] IS NULL SET @BatchSize = @@ROWCOUNT - + COMMIT TRANSACTION Migrate_ClientSecretHash END diff --git a/util/Migrator/DbScripts_future/2023-06-FutureMigration.sql b/util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret.sql similarity index 96% rename from util/Migrator/DbScripts_future/2023-06-FutureMigration.sql rename to util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret.sql index 273c4625f1..f9d4b82185 100644 --- a/util/Migrator/DbScripts_future/2023-06-FutureMigration.sql +++ b/util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret.sql @@ -36,7 +36,7 @@ AS BEGIN SET NOCOUNT ON - INSERT INTO [dbo].[ApiKey] + INSERT INTO [dbo].[ApiKey] ( [Id], [ServiceAccountId], @@ -49,7 +49,7 @@ BEGIN [CreationDate], [RevisionDate] ) - VALUES + VALUES ( @Id, @ServiceAccountId,