Add DB changes

[J0]

What kind of change does this PR introduce?

Initial DB schema for MFA. Will add the indexes later in the implementation once I have a clearer idea of what to index

Note that I've changed the base branch to mfa and will be using j0_add_mfa as a draft branch

Main Changes since last review

• We've introduced the concept of a factor_status to differentiate between disabled factors and unverified factors. Factors can only be disabled once they are verified.
• Challenges also have a verification status. Challenges are marked as verified once there is a successful verification
• remove factor_ prefix on the factor table and changed simple_name to friendly_name

[kangmingtay]

can we just solve this by adding a namespace and prefix the factor type with mfa- ?

[J0]

Hmm do you mean like:

CREATE TYPE mfa.factor_type AS ENUM('mfa-phone', 'mfa-webauthn');

?

[kangmingtay]

yup, or even phone-factor , webauthn-factor whichever you prefer

[J0]

Hmm oh how would that help to guard against factor_type already existing though?

It's not that clear but was hoping to guard against the following scenario:

1. Migrations are all applied, GoTrue is running
2. An error occurs and the schema_migrations table is cleared in order to trigger migrations to apply again
3. A restart occurs and GoTrue tries to reapply migrations, migrations prior to add_mfa_schema are ignored since the tables/changes already exist
4. The add_mfa_migration is run again but factor_type already exists and thus an error would be thrown if recreation is attempted

Might be missing something but at step 4. seems like we would also run into a type already exists error when factor_type is created under an mfa schema as well

[kangmingtay]

hmm how would (2) occur, the schema_migrations table wouldn't be dropped by the migration tool unless the user does it explicitly right?

[J0]

Yep the main use case I had in mind was a support ticket with migration issues

[kangmingtay]

friendly_name is just an alias that can be specified by the developer right?

[kangmingtay]

hmm seems like there's a unique constraint on (user_id, friendly_name), so i guess friendly_name will be used to identify one of the mfa factors associated to a user?

[J0]

Yup friendly name is just an alias specified by developer and each user should only be able to specify one factor with given alias (e.g. user123 shouldn't have two factors named "bob" or similar.

[kangmingtay]

just wondering, why is this serial while the other tables are using varchar(256) for the id type?

[kangmingtay]

also, if you wanna go with serial, you should consider using bigint generated always as identity since this would accommodate up to 8bytes (similar to varchar(256) but autoincrementing)

[J0]

Yup great question -- the other two are meant to be of the form prefix_<uuid> (e.g. challenge_1231524) since they are often used together in client lib/endpoint calls and it's purely to help the dev distinguish between the various uuids.

For recovery codes the id is not likely to be used elsewhere/exposed to user so there haven't been any measures. Open to changing it to varchar too though

[kangmingtay]

should this be UNIQUE(factor_id, recovery_code) instead? or are we allowing a user to use a recovery code to bypass any of the factors?

[J0]

Yup, good question -- recovery codes are per user instead of per factor. This seems to be the case for most other auth providers -- User can use any one of the eight recovery codes to log in.

This is also quite dangerous so we'll have to guard it well.