[SM-678] ClientSecret migration (#2943)

* Init ClientSecret migration * Fix unit tests * Move to src/Sql/dbo_future * Formatting changes * Update migration date for next release * Swap to just executing sp_refreshview * Fix formatting * Add EF Migrations * Rename to ClientSecretHash * Fix unit test * EF column rename * Batch the migration * Fix formatting * Add deprecation notice to property * Move data migration * Swap to CREATE OR ALTER
2025-06-30 15:42:48 -05:00 · 2023-06-21 13:16:06 -05:00
parent 7f8b6c0bce
commit bb3a9daf98
24 changed files with 7011 additions and 41 deletions
--- a/src/Core/SecretsManager/Commands/AccessTokens/Interfaces/ICreateAccessTokenCommand.cs
+++ b/src/Core/SecretsManager/Commands/AccessTokens/Interfaces/ICreateAccessTokenCommand.cs
@ -1,8 +1,9 @@
 using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Models.Data;

 namespace Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces;

 public interface ICreateAccessTokenCommand
 {
-    Task<ApiKey> CreateAsync(ApiKey apiKey);
+    Task<ApiKeyClientSecretDetails> CreateAsync(ApiKey apiKey);
 }
--- a/src/Core/SecretsManager/Entities/ApiKey.cs
+++ b/src/Core/SecretsManager/Entities/ApiKey.cs
@ -10,8 +10,8 @@ public class ApiKey : ITableObject<Guid>
    public Guid? ServiceAccountId { get; set; }
    [MaxLength(200)]
    public string Name { get; set; }
-    [MaxLength(30)]
-    public string ClientSecret { get; set; }
+    [MaxLength(128)]
+    public string ClientSecretHash { get; set; }
    [MaxLength(4000)]
    public string Scope { get; set; }
    [MaxLength(4000)]
--- a/src/Core/SecretsManager/Models/Data/ApiKeyClientSecretDetails.cs
+++ b/src/Core/SecretsManager/Models/Data/ApiKeyClientSecretDetails.cs
@ -0,0 +1,9 @@
+using Bit.Core.SecretsManager.Entities;
+
+namespace Bit.Core.SecretsManager.Models.Data;
+
+public class ApiKeyClientSecretDetails
+{
+    public ApiKey ApiKey { get; set; }
+    public string ClientSecret { get; set; }
+}
--- a/src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs
+++ b/src/Core/SecretsManager/Models/Data/ApiKeyDetails.cs
@ -4,6 +4,8 @@ namespace Bit.Core.SecretsManager.Models.Data;

 public class ApiKeyDetails : ApiKey
 {
+    public string ClientSecret { get; set; } // Deprecated as of 2023-05-17
+
    protected ApiKeyDetails() { }

    protected ApiKeyDetails(ApiKey apiKey)
@ -11,7 +13,7 @@ public class ApiKeyDetails : ApiKey
        Id = apiKey.Id;
        ServiceAccountId = apiKey.ServiceAccountId;
        Name = apiKey.Name;
-        ClientSecret = apiKey.ClientSecret;
+        ClientSecretHash = apiKey.ClientSecretHash;
        Scope = apiKey.Scope;
        EncryptedPayload = apiKey.EncryptedPayload;
        Key = apiKey.Key;