feat: add internal context to login and registration

persistence/sql/migrations/sql/20210816113956000000_webauthn.cockroach.down.sql

@@ -0,0 +1 @@
+DELETE FROM identity_credential_types WHERE name = 'webauthn';

persistence/sql/migrations/sql/20210816113956000000_webauthn.cockroach.up.sql

@@ -0,0 +1 @@
+INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');

persistence/sql/migrations/sql/20210816113956000000_webauthn.mysql.down.sql

@@ -0,0 +1 @@
+DELETE FROM identity_credential_types WHERE name = 'webauthn';

persistence/sql/migrations/sql/20210816113956000000_webauthn.mysql.up.sql

@@ -0,0 +1 @@
+INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');

persistence/sql/migrations/sql/20210816113956000000_webauthn.postgres.down.sql

@@ -0,0 +1 @@
+DELETE FROM identity_credential_types WHERE name = 'webauthn';

persistence/sql/migrations/sql/20210816113956000000_webauthn.postgres.up.sql

@@ -0,0 +1 @@
+INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');

persistence/sql/migrations/sql/20210816113956000000_webauthn.sqlite3.down.sql

@@ -0,0 +1 @@
+DELETE FROM identity_credential_types WHERE name = 'webauthn';

persistence/sql/migrations/sql/20210816113956000000_webauthn.sqlite3.up.sql

@@ -0,0 +1 @@
+INSERT INTO identity_credential_types (id, name) SELECT '6b213fa0-e6ad-46cb-8878-b088d2ce2e3c', 'webauthn' WHERE NOT EXISTS ( SELECT * FROM identity_credential_types WHERE name = 'webauthn');

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.cockroach.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" DROP COLUMN "internal_context";

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "internal_context" json;

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.mysql.down.sql

@@ -0,0 +1 @@
+ALTER TABLE `selfservice_registration_flows` DROP COLUMN `internal_context`;

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE `selfservice_login_flows` ADD COLUMN `internal_context` JSON;

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.postgres.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" DROP COLUMN "internal_context";

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "internal_context" jsonb;

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "_selfservice_registration_flows_tmp" RENAME TO "selfservice_registration_flows";

persistence/sql/migrations/sql/20210816142650000000_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "internal_context" TEXT;

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.cockroach.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" DROP COLUMN "internal_context";

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_login_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.mysql.down.sql

@@ -0,0 +1 @@
+ALTER TABLE `selfservice_login_flows` DROP COLUMN `internal_context`;

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.mysql.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_login_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.postgres.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" DROP COLUMN "internal_context";

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.postgres.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_login_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1,2 @@
+
+DROP TABLE "selfservice_registration_flows";

persistence/sql/migrations/sql/20210816142650000001_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_login_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" RENAME COLUMN "internal_context" TO "_internal_context_tmp";

persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE `selfservice_login_flows` MODIFY `internal_context` JSON NOT NULL;

persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" ALTER COLUMN "internal_context" TYPE jsonb, ALTER COLUMN "internal_context" SET NOT NULL;

persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+INSERT INTO "_selfservice_registration_flows_tmp" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid FROM "selfservice_registration_flows";

persistence/sql/migrations/sql/20210816142650000002_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "selfservice_login_flows_nid_idx";

persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" ADD COLUMN "internal_context" json;

persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE `selfservice_registration_flows` ADD COLUMN `internal_context` JSON;

persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "internal_context" jsonb;

persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+CREATE INDEX "selfservice_registration_flows_nid_idx" ON "_selfservice_registration_flows_tmp" (id, nid);

persistence/sql/migrations/sql/20210816142650000003_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1,16 @@
+CREATE TABLE "_selfservice_login_flows_tmp" (
+"id" TEXT PRIMARY KEY,
+"request_url" TEXT NOT NULL,
+"issued_at" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',
+"expires_at" DATETIME NOT NULL,
+"active_method" TEXT NOT NULL,
+"csrf_token" TEXT NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"forced" bool NOT NULL DEFAULT 'false',
+"type" TEXT NOT NULL DEFAULT 'browser',
+"ui" TEXT,
+"nid" char(36),
+"requested_aal" TEXT NOT NULL DEFAULT 'aal1',
+"internal_context" TEXT NOT NULL
+);

persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+UPDATE "selfservice_login_flows" SET "internal_context" = "_internal_context_tmp";

persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.mysql.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_registration_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.postgres.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_registration_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1,13 @@
+CREATE TABLE "_selfservice_registration_flows_tmp" (
+"id" TEXT PRIMARY KEY,
+"request_url" TEXT NOT NULL,
+"issued_at" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',
+"expires_at" DATETIME NOT NULL,
+"active_method" TEXT NOT NULL,
+"csrf_token" TEXT NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"type" TEXT NOT NULL DEFAULT 'browser',
+"ui" TEXT,
+"nid" char(36)
+);

persistence/sql/migrations/sql/20210816142650000004_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+CREATE INDEX "selfservice_login_flows_nid_idx" ON "_selfservice_login_flows_tmp" (id, nid);

persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" ALTER COLUMN "internal_context" SET NOT NULL;

persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE `selfservice_registration_flows` MODIFY `internal_context` JSON NOT NULL;

persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" ALTER COLUMN "internal_context" TYPE jsonb, ALTER COLUMN "internal_context" SET NOT NULL;

persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "selfservice_registration_flows_nid_idx";

persistence/sql/migrations/sql/20210816142650000005_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+INSERT INTO "_selfservice_login_flows_tmp" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal, internal_context) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal, internal_context FROM "selfservice_login_flows";

persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_login_flows" DROP COLUMN "_internal_context_tmp";

persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "_selfservice_login_flows_tmp" RENAME TO "selfservice_login_flows";

persistence/sql/migrations/sql/20210816142650000006_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP TABLE "selfservice_login_flows";

persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "internal_context" json;

persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1,2 @@
+
+DROP TABLE "selfservice_login_flows";

persistence/sql/migrations/sql/20210816142650000007_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "_selfservice_login_flows_tmp" RENAME TO "selfservice_login_flows";

persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_registration_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+INSERT INTO "_selfservice_login_flows_tmp" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, forced, type, ui, nid, requested_aal FROM "selfservice_login_flows";

persistence/sql/migrations/sql/20210816142650000008_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "internal_context" TEXT;

persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" RENAME COLUMN "internal_context" TO "_internal_context_tmp";

persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+CREATE INDEX "selfservice_login_flows_nid_idx" ON "_selfservice_login_flows_tmp" (id, nid);

persistence/sql/migrations/sql/20210816142650000009_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+UPDATE selfservice_registration_flows SET internal_context='{}';

persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" ADD COLUMN "internal_context" json;

persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1,15 @@
+CREATE TABLE "_selfservice_login_flows_tmp" (
+"id" TEXT PRIMARY KEY,
+"request_url" TEXT NOT NULL,
+"issued_at" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',
+"expires_at" DATETIME NOT NULL,
+"active_method" TEXT NOT NULL,
+"csrf_token" TEXT NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"forced" bool NOT NULL DEFAULT 'false',
+"type" TEXT NOT NULL DEFAULT 'browser',
+"ui" TEXT,
+"nid" char(36),
+"requested_aal" TEXT NOT NULL DEFAULT 'aal1'
+);

persistence/sql/migrations/sql/20210816142650000010_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "selfservice_registration_flows_nid_idx";

persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+UPDATE "selfservice_registration_flows" SET "internal_context" = "_internal_context_tmp";

persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.sqlite3.down.sql

@@ -0,0 +1 @@
+DROP INDEX IF EXISTS "selfservice_login_flows_nid_idx";

persistence/sql/migrations/sql/20210816142650000011_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1,14 @@
+CREATE TABLE "_selfservice_registration_flows_tmp" (
+"id" TEXT PRIMARY KEY,
+"request_url" TEXT NOT NULL,
+"issued_at" DATETIME NOT NULL DEFAULT 'CURRENT_TIMESTAMP',
+"expires_at" DATETIME NOT NULL,
+"active_method" TEXT NOT NULL,
+"csrf_token" TEXT NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"type" TEXT NOT NULL DEFAULT 'browser',
+"ui" TEXT,
+"nid" char(36),
+"internal_context" TEXT NOT NULL
+);

persistence/sql/migrations/sql/20210816142650000012_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" ALTER COLUMN "internal_context" SET NOT NULL;

persistence/sql/migrations/sql/20210816142650000012_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+CREATE INDEX "selfservice_registration_flows_nid_idx" ON "_selfservice_registration_flows_tmp" (id, nid);

persistence/sql/migrations/sql/20210816142650000013_flow_internal_context.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "selfservice_registration_flows" DROP COLUMN "_internal_context_tmp";

persistence/sql/migrations/sql/20210816142650000013_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+INSERT INTO "_selfservice_registration_flows_tmp" (id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid, internal_context) SELECT id, request_url, issued_at, expires_at, active_method, csrf_token, created_at, updated_at, type, ui, nid, internal_context FROM "selfservice_registration_flows";

persistence/sql/migrations/sql/20210816142650000014_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+DROP TABLE "selfservice_registration_flows";

persistence/sql/migrations/sql/20210816142650000015_flow_internal_context.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "_selfservice_registration_flows_tmp" RENAME TO "selfservice_registration_flows";

persistence/sql/migrations/templates/20210816142650_flow_internal_context.down.fizz

@@ -0,0 +1,2 @@
+drop_column("selfservice_login_flows", "internal_context")
+drop_column("selfservice_registration_flows", "internal_context")

persistence/sql/migrations/templates/20210816142650_flow_internal_context.up.fizz

@@ -0,0 +1,7 @@
+add_column("selfservice_login_flows", "internal_context", "json", { "null": true })
+sql("UPDATE selfservice_login_flows SET internal_context='{}'")
+change_column("selfservice_login_flows", "internal_context", "json")
+
+add_column("selfservice_registration_flows", "internal_context", "json", { "null": true })
+sql("UPDATE selfservice_registration_flows SET internal_context='{}'")
+change_column("selfservice_registration_flows", "internal_context", "json")

persistence/sql/persister_login.go

@@ -18,12 +18,14 @@ var _ login.FlowPersister = new(Persister)
 
 func (p *Persister) CreateLoginFlow(ctx context.Context, r *login.Flow) error {
 	r.NID = corp.ContextualizeNID(ctx, p.nid)
+	r.EnsureInternalContext()
 	return p.GetConnection(ctx).Create(r)
 }
 
 func (p *Persister) UpdateLoginFlow(ctx context.Context, r *login.Flow) error {
 	cp := *r
 	cp.NID = corp.ContextualizeNID(ctx, p.nid)
+	cp.EnsureInternalContext()
 	return p.update(ctx, cp)
 }
 

persistence/sql/persister_registration.go

@@ -14,12 +14,14 @@ import (
 
 func (p *Persister) CreateRegistrationFlow(ctx context.Context, r *registration.Flow) error {
 	r.NID = corp.ContextualizeNID(ctx, p.nid)
+	r.EnsureInternalContext()
 	return p.GetConnection(ctx).Create(r)
 }
 
 func (p *Persister) UpdateRegistrationFlow(ctx context.Context, r *registration.Flow) error {
 	cp := *r
 	cp.NID = corp.ContextualizeNID(ctx, p.nid)
+	cp.EnsureInternalContext()
 	return p.update(ctx, cp)
 }
 

selfservice/flow/login/flow.go

@@ -8,6 +8,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/tidwall/gjson"
+
+	"github.com/ory/x/sqlxx"
+
 	"github.com/ory/x/stringsx"
 
 	"github.com/ory/kratos/driver/config"
@@ -58,6 +62,9 @@ type Flow struct {
 	// required: true
 	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`
 
+	// InternalContext stores internal context used by internals - for example MFA keys.
+	InternalContext sqlxx.JSONRawMessage `db:"internal_context" json:"-" faker:"-"`
+
 	// RequestURL is the initial URL that was requested from Ory Kratos. It can be used
 	// to forward information contained in the URL's path or query for example.
 	//
@@ -110,6 +117,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 		RequestedAAL: identity.AuthenticatorAssuranceLevel(strings.ToLower(stringsx.Coalesce(
 			r.URL.Query().Get("aal"),
 			string(identity.AuthenticatorAssuranceLevel1)))),
+		InternalContext: []byte("{}"),
 	}
 }
 
@@ -151,3 +159,9 @@ func (f *Flow) AppendTo(src *url.URL) *url.URL {
 func (f Flow) GetNID() uuid.UUID {
 	return f.NID
 }
+
+func (f *Flow) EnsureInternalContext() {
+	if !gjson.ParseBytes(f.InternalContext).IsObject() {
+		f.InternalContext = []byte("{}")
+	}
+}

selfservice/flow/registration/flow.go

@@ -6,6 +6,10 @@ import (
 	"net/url"
 	"time"
 
+	"github.com/tidwall/gjson"
+
+	"github.com/ory/x/sqlxx"
+
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/ui/container"
 
@@ -43,6 +47,9 @@ type Flow struct {
 	// required: true
 	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`
 
+	// InternalContext stores internal context used by internals - for example MFA keys.
+	InternalContext sqlxx.JSONRawMessage `db:"internal_context" json:"-" faker:"-"`
+
 	// RequestURL is the initial URL that was requested from Ory Kratos. It can be used
 	// to forward information contained in the URL's path or query for example.
 	//
@@ -81,8 +88,9 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 			Method: "POST",
 			Action: flow.AppendFlowTo(urlx.AppendPaths(conf.SelfPublicURL(r), RouteSubmitFlow), id).String(),
 		},
-		CSRFToken: csrf,
-		Type:      ft,
+		CSRFToken:       csrf,
+		Type:            ft,
+		InternalContext: []byte("{}"),
 	}
 }
 
@@ -116,3 +124,9 @@ func (f *Flow) GetType() flow.Type {
 func (f *Flow) GetRequestURL() string {
 	return f.RequestURL
 }
+
+func (f *Flow) EnsureInternalContext() {
+	if !gjson.ParseBytes(f.InternalContext).IsObject() {
+		f.InternalContext = []byte("{}")
+	}
+}