refactor(db): add hashedSecret column to clients

First half of #155
mozilla · Aug 12, 2015 · 9ceaf1f · 9ceaf1f
1 parent 7c11713
commit 9ceaf1f
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 11 deletions.
diff --git a/lib/db/memory.js b/lib/db/memory.js
@@ -19,7 +19,7 @@ const MAX_TTL = config.get('expiration.accessToken');
  *   clients: {
  *     <id>: {
  *       id: <id>,
- *       secret: <string>,
+ *       hashedSecret: <string>,
  *       name: <string>,
  *       imageUri: <string>,
  *       redirectUri: <string>,
@@ -133,7 +133,7 @@ MemoryStore.prototype = {
     client.canGrant = !!client.canGrant;
     client.trusted = !!client.trusted;
     this.clients[hex] = client;
-    client.secret = client.hashedSecret;
+    client.hashedSecret = client.hashedSecret;
     return P.resolve(client);
   },
   updateClient: function updateClient(client) {
@@ -149,7 +149,7 @@ MemoryStore.prototype = {
       if (key === 'id') {
         // nothing
       } else if (key === 'hashedSecret') {
-        old.secret = buf(client[key]);
+        old.hashedSecret = buf(client[key]);
       } else if (client[key] !== undefined) {
         old[key] = client[key];
       }

diff --git a/lib/db/mysql/index.js b/lib/db/mysql/index.js
@@ -114,9 +114,9 @@ MysqlStore.connect = function mysqlConnect(options) {
 
 const QUERY_CLIENT_REGISTER =
   'INSERT INTO clients ' +
-  '(id, name, imageUri, secret, redirectUri, termsUri, privacyUri, ' +
-  ' trusted, canGrant) ' +
-  'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);';
+  '(id, name, imageUri, hashedSecret, secret, redirectUri, termsUri,' +
+  'privacyUri, trusted, canGrant) ' +
+  'VALUES (?,?, ?, ?, ?, ?, ?, ?, ?, ?);';
 const QUERY_CLIENT_DEVELOPER_INSERT =
   'INSERT INTO clientDevelopers ' +
   '(rowId, developerId, clientId) ' +
@@ -144,7 +144,9 @@ const QUERY_CLIENT_LIST = 'SELECT id, name, redirectUri, imageUri, ' +
   'developers.email =?;';
 const QUERY_CLIENT_UPDATE = 'UPDATE clients SET ' +
   'name=COALESCE(?, name), imageUri=COALESCE(?, imageUri), ' +
-  'secret=COALESCE(?, secret), redirectUri=COALESCE(?, redirectUri), ' +
+  'hashedSecret=COALESCE(?, hashedSecret), ' +
+  'secret=COALESCE(?, hashedSecret), ' +
+  'redirectUri=COALESCE(?, redirectUri), ' +
   'termsUri=COALESCE(?, termsUri), privacyUri=COALESCE(?, privacyUri), ' +
   'trusted=COALESCE(?, trusted), canGrant=COALESCE(?, canGrant) ' +
   'WHERE id=?';
@@ -213,6 +215,7 @@ MysqlStore.prototype = {
       client.name,
       client.imageUri || '',
       buf(client.hashedSecret),
+      buf(client.hashedSecret), // duplicate for `secret` column until dropped
       client.redirectUri,
       client.termsUri || '',
       client.privacyUri || '',
@@ -299,7 +302,7 @@ MysqlStore.prototype = {
     if (!client.id) {
       return P.reject(new Error('Update client needs an id'));
     }
-    var secret = client.hashedSecret || client.secret || null;
+    var secret = client.hashedSecret;
     if (secret) {
       secret = buf(secret);
     }
@@ -308,6 +311,7 @@ MysqlStore.prototype = {
       client.name,
       client.imageUri,
       secret,
+      secret, // duplicate for `secret` column until dropped
       client.redirectUri,
       client.termsUri,
       client.privacyUri,

diff --git a/lib/db/mysql/patch.js b/lib/db/mysql/patch.js
@@ -6,4 +6,4 @@
 // Update this if you add a new patch, and don't forget to update
 // the documentation for the current schema in ../schema.sql.
 
-module.exports.level = 8;
+module.exports.level = 9;
diff --git a/lib/db/mysql/patches/patch-008-009.sql b/lib/db/mysql/patches/patch-008-009.sql
@@ -0,0 +1,6 @@
+-- Add hashedSecret column, to replace secret column.
+
+ALTER TABLE clients ADD COLUMN hashedSecret BINARY(32);
+UPDATE clients SET hashedSecret = secret;
+
+UPDATE dbMetadata SET value = '9' WHERE name = 'schema-patch-level';
diff --git a/lib/db/mysql/patches/patch-009-008.sql b/lib/db/mysql/patches/patch-009-008.sql
@@ -0,0 +1,4 @@
+--  (commented out to avoid accidentally running this in production...)
+
+-- ALTER TABLE clients DROP COLUMN hashedSecret;
+-- UPDATE dbMetadata SET value = '8' WHERE name = 'schema-patch-level';
diff --git a/lib/db/mysql/schema.sql b/lib/db/mysql/schema.sql
@@ -9,7 +9,8 @@
 
 CREATE TABLE IF NOT EXISTS clients (
   id BINARY(8) PRIMARY KEY,
-  hashedSecret BINARY(32) NOT NULL,
+  hashedSecret BINARY(32),
+  secret BINARY(32),
   name VARCHAR(256) NOT NULL,
   imageUri VARCHAR(256) NOT NULL,
   redirectUri VARCHAR(256) NOT NULL,

diff --git a/lib/routes/token.js b/lib/routes/token.js
@@ -28,7 +28,7 @@ function confirmClient(id, secret) {
     }
 
     var submitted = hex(encrypt.hash(buf(secret)));
-    var stored = hex(client.secret);
+    var stored = hex(client.hashedSecret);
     if (submitted !== stored) {
       logger.info('client.mismatchSecret', { client: id });
       logger.verbose('client.mismatchSecret.details', {