fix: identity credential identifiers are now unique per method

identity/credentials.go

@@ -92,6 +92,8 @@ type (
 		Identifier string    `db:"identifier"`
 		// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
 		IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
+		// IdentityCredentialsTypeID is a helper struct field for gobuffalo.pop.
+		IdentityCredentialsTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
 		// CreatedAt is a helper struct field for gobuffalo.pop.
 		CreatedAt time.Time `json:"created_at" db:"created_at"`
 		// UpdatedAt is a helper struct field for gobuffalo.pop.

identity/test/pool.go

@@ -753,8 +753,8 @@ func TestPool(ctx context.Context, conf *config.Config, p interface {
 			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credentials (id, identity_id, nid, identity_credential_type_id, created_at, updated_at, config) VALUES (?, ?, ?, ?, ?, ?, '{}')", cid2, iid, nid2, m[0].ID, time.Now(), time.Now()).Exec())
 
 			ici1, ici2 := x.NewUUID(), x.NewUUID()
-			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_credential_id, nid, identifier, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?)", ici1, cid1, nid1, "nid1", time.Now(), time.Now()).Exec())
-			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_credential_id, nid, identifier, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?)", ici2, cid2, nid2, "nid2", time.Now(), time.Now()).Exec())
+			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?)", ici1, cid1, nid1, "nid1", time.Now(), time.Now(), cid1).Exec())
+			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?)", ici2, cid2, nid2, "nid2", time.Now(), time.Now(), cid1).Exec())
 
 			_, err := p.GetIdentity(ctx, nid1)
 			require.ErrorIs(t, err, sqlcon.ErrNoRows)

persistence/sql/migrations/sql/20210410175418000063_network.sqlite3.down.sql

@@ -1 +0,0 @@
-DROP INDEX IF EXISTS "selfservice_login_flows_nid_idx";

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.cockroach.down.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_uq_idx" ON "identity_credential_identifiers" (nid, identifier);

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.cockroach.up.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "identity_credential_identifiers_identifier_nid_uq_idx";

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.mysql.down.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_nid_uq_idx` ON `identity_credential_identifiers` (`nid`, `identifier`);

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_nid_fk_idx;

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.postgres.down.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_uq_idx" ON "identity_credential_identifiers" (nid, identifier);

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.postgres.up.sql

@@ -0,0 +1 @@
+DROP INDEX "identity_credential_identifiers_identifier_nid_uq_idx";

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.sqlite3.down.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_uq_idx" ON "identity_credential_identifiers" (nid, identifier);

persistence/sql/migrations/sql/20210817181232000000_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "identity_credential_identifiers_identifier_nid_uq_idx";

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.cockroach.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" DROP COLUMN "identity_credential_type_id";

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.cockroach.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "identity_credential_identifiers"
+  ADD COLUMN "identity_credential_type_id" UUID;

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.mysql.down.sql

@@ -0,0 +1 @@
+ALTER TABLE `identity_credential_identifiers` DROP COLUMN `identity_credential_type_id`;

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.mysql.up.sql

@@ -0,0 +1 @@
+DROP INDEX `identity_credential_identifiers_identifier_nid_uq_idx` ON `identity_credential_identifiers`;

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.postgres.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" DROP COLUMN "identity_credential_type_id";

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" ADD COLUMN "identity_credential_type_id" UUID;

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.sqlite3.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "_identity_credential_identifiers_tmp" RENAME TO "identity_credential_identifiers";

persistence/sql/migrations/sql/20210817181232000001_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" ADD COLUMN "identity_credential_type_id" char(36);

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.cockroach.down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "identity_credential_identifiers_identifier_nid_type_uq_idx";

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.cockroach.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "identity_credential_identifiers"
+  ADD CONSTRAINT "identity_credential_identifiers_type_id_fk_idx" FOREIGN KEY ("identity_credential_type_id") REFERENCES "identity_credential_types" ("id") ON UPDATE RESTRICT ON DELETE CASCADE;

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.mysql.down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `identity_credential_identifiers`
+  ADD CONSTRAINT `identity_credential_identifiers_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.mysql.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `identity_credential_identifiers`
+  ADD CONSTRAINT `identity_credential_identifiers_nid_fk_idx` FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.postgres.down.sql

@@ -0,0 +1 @@
+DROP INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx";

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.postgres.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "identity_credential_identifiers"
+  ADD CONSTRAINT "identity_credential_identifiers_type_id_fk_idx" FOREIGN KEY ("identity_credential_type_id") REFERENCES "identity_credential_types" ("id") ON UPDATE RESTRICT ON DELETE CASCADE;

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.sqlite3.down.sql

@@ -0,0 +1,2 @@
+
+DROP TABLE "identity_credential_identifiers";

persistence/sql/migrations/sql/20210817181232000002_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credential_identifiers DROP COLUMN identity_credential_type_id;

persistence/sql/migrations/sql/20210817181232000003_unique_credentials.cockroach.up.sql

@@ -0,0 +1,5 @@
+UPDATE identity_credential_identifiers
+SET identity_credential_type_id = (SELECT ict.id
+                                   FROM identity_credential_types as ict
+                                          JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id)
+                                   WHERE ic.id = identity_credential_id);

persistence/sql/migrations/sql/20210817181232000003_unique_credentials.mysql.down.sql

@@ -0,0 +1 @@
+DROP INDEX `identity_credential_identifiers_identifier_nid_type_uq_idx` ON `identity_credential_identifiers`;

persistence/sql/migrations/sql/20210817181232000003_unique_credentials.mysql.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `identity_credential_identifiers`
+  ADD COLUMN `identity_credential_type_id` char(36);

persistence/sql/migrations/sql/20210817181232000003_unique_credentials.postgres.up.sql

@@ -0,0 +1,5 @@
+UPDATE identity_credential_identifiers
+SET identity_credential_type_id = (SELECT ict.id
+                                   FROM identity_credential_types as ict
+                                          JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id)
+                                   WHERE ic.id = identity_credential_id);

persistence/sql/migrations/sql/20210817181232000003_unique_credentials.sqlite3.down.sql

@@ -0,0 +1 @@
+INSERT INTO "_identity_credential_identifiers_tmp" (id, identifier, identity_credential_id, created_at, updated_at, nid) SELECT id, identifier, identity_credential_id, created_at, updated_at, nid FROM "identity_credential_identifiers";

persistence/sql/migrations/sql/20210817181232000003_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credential_identifiers ADD COLUMN identity_credential_type_id CHAR(36) NULL REFERENCES identity_credential_types(id) ON DELETE CASCADE ON UPDATE RESTRICT;

persistence/sql/migrations/sql/20210817181232000004_unique_credentials.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" DROP CONSTRAINT "identity_credential_identifiers_type_id_fk_idx";

persistence/sql/migrations/sql/20210817181232000004_unique_credentials.mysql.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_type_id_fk_idx;

persistence/sql/migrations/sql/20210817181232000004_unique_credentials.mysql.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `identity_credential_identifiers`
+  ADD CONSTRAINT `identity_credential_identifiers_type_id_fk_idx` FOREIGN KEY (`identity_credential_type_id`) REFERENCES `identity_credential_types` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE;

persistence/sql/migrations/sql/20210817181232000004_unique_credentials.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" ALTER COLUMN "identity_credential_type_id" TYPE UUID, ALTER COLUMN "identity_credential_type_id" SET NOT NULL;

persistence/sql/migrations/sql/20210817181232000004_unique_credentials.sqlite3.down.sql

@@ -0,0 +1 @@
+CREATE INDEX "identity_credential_identifiers_nid_idx" ON "_identity_credential_identifiers_tmp" (id, nid);

persistence/sql/migrations/sql/20210817181232000004_unique_credentials.sqlite3.up.sql

@@ -0,0 +1,5 @@
+UPDATE identity_credential_identifiers
+SET identity_credential_type_id = (SELECT ict.id
+                                   FROM identity_credential_types as ict
+                                          JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id)
+                                   WHERE ic.id = identity_credential_id);

persistence/sql/migrations/sql/20210817181232000005_unique_credentials.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" RENAME COLUMN "identity_credential_type_id" TO "_identity_credential_type_id_tmp";

persistence/sql/migrations/sql/20210817181232000005_unique_credentials.mysql.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_nid_fk_idx;

persistence/sql/migrations/sql/20210817181232000005_unique_credentials.mysql.up.sql

@@ -0,0 +1,5 @@
+UPDATE identity_credential_identifiers
+SET identity_credential_type_id = (SELECT ict.id
+                                   FROM identity_credential_types as ict
+                                          JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id)
+                                   WHERE ic.id = identity_credential_id);

persistence/sql/migrations/sql/20210817181232000005_unique_credentials.postgres.up.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx" ON "identity_credential_identifiers" (nid, identity_credential_type_id, identifier);

persistence/sql/migrations/sql/20210817181232000005_unique_credentials.sqlite3.down.sql

@@ -0,0 +1,9 @@
+CREATE TABLE "_identity_credential_identifiers_tmp" (
+"id" TEXT PRIMARY KEY,
+"identifier" TEXT NOT NULL,
+"identity_credential_id" char(36) NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"nid" char(36),
+FOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE
+);

persistence/sql/migrations/sql/20210817181232000005_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "identity_credential_identifiers_nid_idx";

persistence/sql/migrations/sql/20210817181232000006_unique_credentials.cockroach.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "identity_credential_identifiers"
+  ADD COLUMN "identity_credential_type_id" UUID;

persistence/sql/migrations/sql/20210817181232000006_unique_credentials.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE `identity_credential_identifiers` MODIFY `identity_credential_type_id` char (36) NOT NULL;

persistence/sql/migrations/sql/20210817181232000006_unique_credentials.sqlite3.down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "identity_credential_identifiers_nid_idx";

persistence/sql/migrations/sql/20210817181232000006_unique_credentials.sqlite3.up.sql

@@ -0,0 +1,11 @@
+CREATE TABLE "_identity_credential_identifiers_tmp"
+(
+  "id"                          TEXT PRIMARY KEY,
+  "identifier"                  TEXT     NOT NULL,
+  "identity_credential_id"      char(36) NOT NULL,
+  "created_at"                  DATETIME NOT NULL,
+  "updated_at"                  DATETIME NOT NULL,
+  "nid"                         char(36),
+  "identity_credential_type_id" char(36) NOT NULL,
+  FOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE
+);

persistence/sql/migrations/sql/20210817181232000007_unique_credentials.cockroach.up.sql

@@ -0,0 +1,2 @@
+UPDATE "identity_credential_identifiers"
+SET "identity_credential_type_id" = "_identity_credential_type_id_tmp";

persistence/sql/migrations/sql/20210817181232000007_unique_credentials.mysql.up.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX `identity_credential_identifiers_identifier_nid_type_uq_idx` ON `identity_credential_identifiers` (`nid`, `identity_credential_type_id`, `identifier`);

persistence/sql/migrations/sql/20210817181232000007_unique_credentials.sqlite3.down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "identity_credential_identifiers_identifier_nid_type_uq_idx";

persistence/sql/migrations/sql/20210817181232000007_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+CREATE INDEX "identity_credential_identifiers_nid_idx" ON "_identity_credential_identifiers_tmp" (id, nid);

persistence/sql/migrations/sql/20210817181232000008_unique_credentials.cockroach.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "identity_credential_identifiers"
+  ALTER COLUMN "identity_credential_type_id" SET NOT NULL;

persistence/sql/migrations/sql/20210817181232000008_unique_credentials.sqlite3.up.sql

@@ -0,0 +1,4 @@
+INSERT INTO "_identity_credential_identifiers_tmp" (id, identifier, identity_credential_id, created_at, updated_at, nid,
+                                                    identity_credential_type_id)
+SELECT id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id
+FROM "identity_credential_identifiers";

persistence/sql/migrations/sql/20210817181232000009_unique_credentials.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "identity_credential_identifiers" DROP COLUMN "_identity_credential_type_id_tmp";

persistence/sql/migrations/sql/20210817181232000009_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP TABLE "identity_credential_identifiers";

persistence/sql/migrations/sql/20210817181232000010_unique_credentials.cockroach.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "identity_credential_identifiers"
+  ADD CONSTRAINT "identity_credential_identifiers_type_id_fk_idx" FOREIGN KEY ("identity_credential_type_id") REFERENCES "identity_credential_types" ("id") ON UPDATE RESTRICT ON DELETE CASCADE;

persistence/sql/migrations/sql/20210817181232000010_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "_identity_credential_identifiers_tmp" RENAME TO "identity_credential_identifiers";

persistence/sql/migrations/sql/20210817181232000011_unique_credentials.cockroach.up.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx" ON "identity_credential_identifiers" (nid, identity_credential_type_id, identifier);

persistence/sql/migrations/sql/20210817181232000011_unique_credentials.sqlite3.up.sql

@@ -0,0 +1 @@
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx" ON "identity_credential_identifiers" (nid, identity_credential_type_id, identifier);

persistence/sql/migrations/templates/20210817181232_unique_credentials.down.fizz

@@ -0,0 +1,18 @@
+{{ if .IsMySQL }}
+  sql("ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_nid_fk_idx")
+  sql("ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_type_id_fk_idx")
+{{ end }}
+
+drop_index("identity_credential_identifiers","identity_credential_identifiers_identifier_nid_type_uq_idx")
+
+{{ if .IsMySQL }}
+  add_foreign_key("identity_credential_identifiers", "nid", {"networks": ["id"]}, {
+      "name": "identity_credential_identifiers_nid_fk_idx",
+      "on_delete": "CASCADE",
+      "on_update": "RESTRICT",
+  })
+{{ end }}
+
+drop_column("identity_credential_identifiers", "identity_credential_type_id")
+
+add_index("identity_credential_identifiers", ["nid", "identifier"], {"unique": true, "name": "identity_credential_identifiers_identifier_nid_uq_idx"})

persistence/sql/migrations/templates/20210817181232_unique_credentials.up.fizz

@@ -0,0 +1,31 @@
+{{ if .IsMySQL }}
+  sql("ALTER TABLE identity_credential_identifiers DROP FOREIGN KEY identity_credential_identifiers_nid_fk_idx")
+{{ end }}
+
+drop_index("identity_credential_identifiers", "identity_credential_identifiers_identifier_nid_uq_idx")
+
+{{ if .IsMySQL }}
+  add_foreign_key("identity_credential_identifiers", "nid", {"networks": ["id"]}, {
+      "name": "identity_credential_identifiers_nid_fk_idx",
+      "on_delete": "CASCADE",
+      "on_update": "RESTRICT",
+  })
+{{ end }}
+
+add_column("identity_credential_identifiers", "identity_credential_type_id", "uuid", { "null": true })
+
+{{ if .IsSQLite }}
+  sql("ALTER TABLE identity_credential_identifiers DROP COLUMN identity_credential_type_id")
+  sql("ALTER TABLE identity_credential_identifiers ADD COLUMN identity_credential_type_id CHAR(36) NULL REFERENCES identity_credential_types(id) ON DELETE CASCADE ON UPDATE RESTRICT")
+{{ else }}
+  add_foreign_key("identity_credential_identifiers", "identity_credential_type_id", {"identity_credential_types": ["id"]}, {
+      "name": "identity_credential_identifiers_type_id_fk_idx",
+      "on_delete": "CASCADE",
+      "on_update": "RESTRICT",
+  })
+{{ end }}
+
+sql("UPDATE identity_credential_identifiers SET identity_credential_type_id = (SELECT  ict.id FROM identity_credential_types as ict JOIN identity_credentials AS ic ON (ic.identity_credential_type_id = ict.id) WHERE ic.id = identity_credential_id)")
+
+change_column("identity_credential_identifiers", "identity_credential_type_id", "uuid", {})
+add_index("identity_credential_identifiers", ["nid", "identity_credential_type_id", "identifier"], {"unique": true, "name": "identity_credential_identifiers_identifier_nid_type_uq_idx"})

persistence/sql/persister_identity.go

@@ -144,9 +144,10 @@ func (p *Persister) createIdentityCredentials(ctx context.Context, i *identity.I
 			}
 
 			if err := c.Create(&identity.CredentialIdentifier{
-				Identifier:            ids,
-				IdentityCredentialsID: cred.ID,
-				NID:                   corp.ContextualizeNID(ctx, p.nid),
+				Identifier:                ids,
+				IdentityCredentialsID:     cred.ID,
+				IdentityCredentialsTypeID: ct.ID,
+				NID:                       corp.ContextualizeNID(ctx, p.nid),
 			}); err != nil {
 				return sqlcon.HandleError(err)
 			}