From 78ce668a38c914939028be42cd30eefa566ed09a Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 2 Mar 2022 09:16:31 +0100
Subject: [PATCH] feat: add versioning and improve compatibility for credential
 migrations

---
 ...radeCredentials-type=webauthn-from=v0.json |  6 ++--
 ...radeCredentials-type=webauthn-from=v1.json | 36 +++++++++++++++++++
 credentialmigrate/migrate.go                  | 12 ++++---
 credentialmigrate/migrate_test.go             |  8 +++--
 credentialmigrate/stub/webauthn/v1.json       |  6 ++--
 5 files changed, 54 insertions(+), 14 deletions(-)
 create mode 100644 credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json

diff --git a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json
index 8c633bb7ebd6..1ce5969a9a93 100644
--- a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json
+++ b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v0.json
@@ -19,10 +19,10 @@
             },
             "display_name": "asdf",
             "added_at": "2022-02-28T16:40:39Z",
-            "is_passwordless": false,
-            "user_handle": "4d64fa08-20fc-450d-bebd-ebd7c7b6e249"
+            "is_passwordless": false
           }
-        ]
+        ],
+        "user_handle": "TWT6CCD8RQ2+vevXx7biSQ=="
       },
       "version": 1,
       "created_at": "0001-01-01T00:00:00Z",
diff --git a/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json
new file mode 100644
index 000000000000..f66490c6e508
--- /dev/null
+++ b/credentialmigrate/.snapshots/TestUpgradeCredentials-type=webauthn-from=v1.json
@@ -0,0 +1,36 @@
+{
+  "id": "4d64fa08-20fc-450d-bebd-ebd7c7b6e249",
+  "credentials": {
+    "webauthn": {
+      "type": "webauthn",
+      "identifiers": null,
+      "config": {
+        "credentials": [
+          {
+            "id": "HQ4LaIJ9NiqS1r0CQpWY+K0gMvhOq4yk5BHuO/YlitcurSpBK7weDXOvBcuN4lvn6DAmjGfmj/J/6bpOmtdT8Q==",
+            "public_key": "pQECAyYgASFYILAYFLoH1T8bQMSbPrNBCMMS5U7OFWRwv2U+GkAoiBADIlggBv+8ni7XVZYBB8ufMbP/d9fDxbmOkVVHOgcJifnoOR4=",
+            "attestation_type": "none",
+            "authenticator": {
+              "aaguid": "AAAAAAAAAAAAAAAAAAAAAA==",
+              "sign_count": 4,
+              "clone_warning": false
+            },
+            "display_name": "asdf",
+            "added_at": "2022-02-28T16:40:39Z",
+            "is_passwordless": true
+          }
+        ],
+        "user_handle": "2gZaSs9fTEeGmsBlC4gfgg=="
+      },
+      "version": 1,
+      "created_at": "0001-01-01T00:00:00Z",
+      "updated_at": "0001-01-01T00:00:00Z"
+    }
+  },
+  "schema_id": "",
+  "schema_url": "",
+  "state": "",
+  "traits": null,
+  "created_at": "0001-01-01T00:00:00Z",
+  "updated_at": "0001-01-01T00:00:00Z"
+}
diff --git a/credentialmigrate/migrate.go b/credentialmigrate/migrate.go
index 0e29a40b5697..fee4fe6a20e8 100644
--- a/credentialmigrate/migrate.go
+++ b/credentialmigrate/migrate.go
@@ -2,20 +2,22 @@ package credentialmigrate
 
 import (
 	"encoding/json"
+
+	"github.com/pkg/errors"
+
 	"github.com/ory/kratos/identity"
 	"github.com/ory/kratos/selfservice/strategy/webauthn"
-	"github.com/pkg/errors"
 )
 
 // UpgradeWebAuthnCredential migrates a webauthn credential from an older version to a newer version.
 func UpgradeWebAuthnCredential(i *identity.Identity, ic *identity.Credentials, c *webauthn.CredentialsConfig) {
 	if ic.Version == 0 {
-		for k := range c.Credentials {
-			c.Credentials[k].UserHandle = i.ID.String()
-
-			// We do not set c.IsPasswordless  as it defaults to false anyways, which is the correct migration .
+		if len(c.UserHandle) == 0 {
+			c.UserHandle = i.ID[:]
 		}
 
+		// We do not set c.IsPasswordless as it defaults to false anyways, which is the correct migration .
+
 		ic.Version = 1
 	}
 }
diff --git a/credentialmigrate/migrate_test.go b/credentialmigrate/migrate_test.go
index ed2813eb2de2..4358a607b828 100644
--- a/credentialmigrate/migrate_test.go
+++ b/credentialmigrate/migrate_test.go
@@ -2,12 +2,14 @@ package credentialmigrate
 
 import (
 	_ "embed"
+	"testing"
+
 	"github.com/gofrs/uuid"
-	"github.com/ory/kratos/identity"
-	"github.com/ory/x/snapshotx"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"testing"
+
+	"github.com/ory/kratos/identity"
+	"github.com/ory/x/snapshotx"
 )
 
 //go:embed stub/webauthn/v0.json
diff --git a/credentialmigrate/stub/webauthn/v1.json b/credentialmigrate/stub/webauthn/v1.json
index 74ca836a3de3..cdb8720dbbc7 100644
--- a/credentialmigrate/stub/webauthn/v1.json
+++ b/credentialmigrate/stub/webauthn/v1.json
@@ -11,8 +11,8 @@
       },
       "display_name": "asdf",
       "added_at": "2022-02-28T16:40:39Z",
-      "is_passwordless": true,
-      "user_handle": "4d64fa08-20fc-450d-bebd-ebd7c7b6e249"
+      "is_passwordless": true
     }
-  ]
+  ],
+  "user_handle":"2gZaSs9fTEeGmsBlC4gfgg=="
 }