[SM-823] ApiKey table follow up (#3183)

* dbo_future -> dbo

* DbScripts_future -> DbScripts

* Remove deprecated property

* Move data_migration -> DbScripts

src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs

@@ -4,8 +4,6 @@ namespace Bit.Core.SecretsManager.Models.Data;
 
 public class ApiKeyDetails : ApiKey
 {
-    public string ClientSecret { get; set; } // Deprecated as of 2023-05-17
-
     protected ApiKeyDetails() { }
 
     protected ApiKeyDetails(ApiKey apiKey)

src/Identity/IdentityServer/ClientStore.cs

@@ -107,11 +107,6 @@ public class ClientStore : IClientStore
                 break;
         }
 
-        if (string.IsNullOrEmpty(apiKey.ClientSecretHash))
-        {
-            apiKey.ClientSecretHash = apiKey.ClientSecret.Sha256();
-        }
-
         var client = new Client
         {
             ClientId = clientId,

src/Sql/SecretsManager/dbo/Stored Procedures/ApiKey/ApiKey_Create.sql

@@ -2,8 +2,7 @@ CREATE PROCEDURE [dbo].[ApiKey_Create]
     @Id UNIQUEIDENTIFIER OUTPUT,
     @ServiceAccountId UNIQUEIDENTIFIER,
     @Name VARCHAR(200),
-    @ClientSecret VARCHAR(30) = 'migrated', -- Deprecated as of 2023-05-17
+    @ClientSecretHash VARCHAR(128),
-    @ClientSecretHash VARCHAR(128) = NULL,
     @Scope NVARCHAR(4000),
     @EncryptedPayload NVARCHAR(4000),
     @Key VARCHAR(MAX),
@@ -14,18 +13,11 @@ AS
 BEGIN
     SET NOCOUNT ON
 
-    IF (@ClientSecretHash IS NULL)
+    INSERT INTO [dbo].[ApiKey]
-    BEGIN
-      DECLARE @hb VARBINARY(128) = HASHBYTES('SHA2_256', @ClientSecret);
-      SET @ClientSecretHash = CAST(N'' as xml).value('xs:base64Binary(sql:variable("@hb"))', 'VARCHAR(128)');
-    END
-
-    INSERT INTO [dbo].[ApiKey] 
     (
         [Id],
         [ServiceAccountId],
         [Name],
-        [ClientSecret],
         [ClientSecretHash],
         [Scope],
         [EncryptedPayload],
@@ -34,12 +26,11 @@ BEGIN
         [CreationDate],
         [RevisionDate]
     )
-    VALUES 
+    VALUES
     (
         @Id,
         @ServiceAccountId,
         @Name,
-        @ClientSecret,
         @ClientSecretHash,
         @Scope,
         @EncryptedPayload,

src/Sql/SecretsManager/dbo/Tables/ApiKey.sql

@@ -2,7 +2,6 @@
     [Id]                    UNIQUEIDENTIFIER,
     [ServiceAccountId]      UNIQUEIDENTIFIER NULL,
     [Name]                  VARCHAR(200) NOT NULL,
-    [ClientSecret]          VARCHAR(30) NOT NULL,
     [ClientSecretHash]      VARCHAR(128) NULL,
     [Scope]                 NVARCHAR (4000) NOT NULL,
     [EncryptedPayload]      NVARCHAR (4000) NOT NULL,

src/Sql/dbo_future/Stored Procedures/ApiKey_Create.sql

@@ -1,42 +0,0 @@
-CREATE PROCEDURE [dbo].[ApiKey_Create]
-    @Id UNIQUEIDENTIFIER OUTPUT,
-    @ServiceAccountId UNIQUEIDENTIFIER,
-    @Name VARCHAR(200),
-    @ClientSecretHash VARCHAR(128),
-    @Scope NVARCHAR(4000),
-    @EncryptedPayload NVARCHAR(4000),
-    @Key VARCHAR(MAX),
-    @ExpireAt DATETIME2(7),
-    @CreationDate DATETIME2(7),
-    @RevisionDate DATETIME2(7)
-AS
-BEGIN
-    SET NOCOUNT ON
-
-    INSERT INTO [dbo].[ApiKey] 
-    (
-        [Id],
-        [ServiceAccountId],
-        [Name],
-        [ClientSecretHash],
-        [Scope],
-        [EncryptedPayload],
-        [Key],
-        [ExpireAt],
-        [CreationDate],
-        [RevisionDate]
-    )
-    VALUES 
-    (
-        @Id,
-        @ServiceAccountId,
-        @Name,
-        @ClientSecretHash,
-        @Scope,
-        @EncryptedPayload,
-        @Key,
-        @ExpireAt,
-        @CreationDate,
-        @RevisionDate
-    )
-END

src/Sql/dbo_future/Tables/ApiKey.sql

@@ -1,18 +0,0 @@
-CREATE TABLE [dbo].[ApiKey] (
-    [Id]               UNIQUEIDENTIFIER,
-    [ServiceAccountId] UNIQUEIDENTIFIER NULL,
-    [Name]             VARCHAR(200) NOT NULL,
-    [ClientSecretHash] VARCHAR(128) NULL,
-    [Scope]            NVARCHAR (4000) NOT NULL,
-    [EncryptedPayload] NVARCHAR (4000) NOT NULL,
-    [Key]              VARCHAR (MAX) NOT NULL,
-    [ExpireAt]         DATETIME2(7) NULL,
-    [CreationDate]     DATETIME2(7) NOT NULL,
-    [RevisionDate]     DATETIME2(7) NOT NULL,
-    CONSTRAINT [PK_ApiKey] PRIMARY KEY CLUSTERED ([Id] ASC),
-    CONSTRAINT [FK_ApiKey_ServiceAccountId] FOREIGN KEY ([ServiceAccountId]) REFERENCES [dbo].[ServiceAccount] ([Id])
-);
-
-GO
-CREATE NONCLUSTERED INDEX [IX_ApiKey_ServiceAccountId]
-    ON [dbo].[ApiKey]([ServiceAccountId] ASC);

util/Migrator/DbScripts/2023-08-10_00_ClientSecretHashDataMigration.sql

@@ -1,7 +1,7 @@
 /*
 This is the data migration script for the client secret hash updates.
 The initial migration util/Migrator/DbScripts/2023-05-16_00_ClientSecretHash.sql should be run prior.
-The final migration is in util/Migrator/DbScripts_future/2023-06-FutureMigration.sql.
+The final migration is in util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret
 */
 IF COL_LENGTH('[dbo].[ApiKey]', 'ClientSecretHash') IS NOT NULL AND COL_LENGTH('[dbo].[ApiKey]', 'ClientSecret')  IS NOT NULL
 BEGIN
@@ -9,7 +9,7 @@ BEGIN
   -- Add index
   IF NOT EXISTS(SELECT name FROM sys.indexes WHERE name = 'IX_ApiKey_ClientSecretHash')
   BEGIN
-   CREATE NONCLUSTERED INDEX [IX_ApiKey_ClientSecretHash] 
+   CREATE NONCLUSTERED INDEX [IX_ApiKey_ClientSecretHash]
    ON [dbo].[ApiKey]([ClientSecretHash] ASC)
    WITH (ONLINE = ON)
   END
@@ -30,7 +30,7 @@ BEGIN
     WHERE [ClientSecretHash] IS NULL
 
     SET @BatchSize = @@ROWCOUNT
-    
+
     COMMIT TRANSACTION Migrate_ClientSecretHash
   END
 

util/Migrator/DbScripts/2023-08-10_01_RemoveClientSecret.sql

@@ -36,7 +36,7 @@ AS
 BEGIN
     SET NOCOUNT ON
 
-    INSERT INTO [dbo].[ApiKey] 
+    INSERT INTO [dbo].[ApiKey]
     (
         [Id],
         [ServiceAccountId],
@@ -49,7 +49,7 @@ BEGIN
         [CreationDate],
         [RevisionDate]
     )
-    VALUES 
+    VALUES
     (
         @Id,
         @ServiceAccountId,