feat(identity): add versioning to credentials

identity/credentials.go

@@ -75,6 +75,9 @@ type Credentials struct {
 	// for passwordless authentication or access_token and refresh tokens from OpenID Connect flows.
 	Config sqlxx.JSONRawMessage `json:"config,omitempty" db:"config"`
 
+	// Version refers to the version of the credential. Useful when changing the config schema.
+	Version int `json:"version" db:"version"`
+
 	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
 
 	// CreatedAt is a helper struct field for gobuffalo.pop.
@@ -116,7 +119,7 @@ type (
 	// swagger:ignore
 	ActiveCredentialsCounter interface {
 		ID() CredentialsType
-		CountActiveCredentials(cc map[CredentialsType]Credentials) (int, error)
+		CountActiveFirstFactorCredentials(cc map[CredentialsType]Credentials) (int, error)
 	}
 
 	// swagger:ignore

persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json

@@ -1,5 +1,19 @@
 {
   "id": "5ff66179-c240-4703-b0d8-494592cefff5",
+  "credentials": {
+    "password": {
+      "type": "password",
+      "identifiers": [
+        "[email protected]"
+      ],
+      "config": {
+        "hashed_password": "$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng"
+      },
+      "version": 0,
+      "created_at": "2013-10-07T08:23:19Z",
+      "updated_at": "2013-10-07T08:23:19Z"
+    }
+  },
   "schema_id": "default",
   "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA",
   "state": "active",

persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json

@@ -1,5 +1,19 @@
 {
   "id": "a251ebc2-880c-4f76-a8f3-38e6940eab0e",
+  "credentials": {
+    "password": {
+      "type": "password",
+      "identifiers": [
+        "[email protected]"
+      ],
+      "config": {
+        "hashed_password": "$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng"
+      },
+      "version": 0,
+      "created_at": "2013-10-07T08:23:19Z",
+      "updated_at": "2013-10-07T08:23:19Z"
+    }
+  },
   "schema_id": "default",
   "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA",
   "state": "active",

persistence/sql/migratest/migration_test.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/ory/kratos/identity"
 	"os"
 	"path/filepath"
 	"testing"
@@ -149,7 +150,7 @@ func TestMigrations(t *testing.T) {
 						// Prevents ordering to get in the way.
 						actual.VerifiableAddresses = nil
 						actual.RecoveryAddresses = nil
-						CompareWithFixture(t, actual, "identity", id.ID.String())
+						CompareWithFixture(t, identity.WithCredentialsInJSON(*actual), "identity", id.ID.String())
 					}
 
 					migratest.ContainsExpectedIds(t, filepath.Join("fixtures", "identity"), found)

persistence/sql/migratest/testdata/20220301102701_testdata.sql

@@ -0,0 +1 @@
+INSERT INTO identity_credentials (id, config, identity_credential_type_id, identity_id, created_at, updated_at, version) VALUES ('4cefc264-4291-4abc-8f26-cc0217874f14', '{"hashed_password":"$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng"}', '22bff9ae-f5aa-45d7-803b-97ec0b4e7b32', '5ff66179-c240-4703-b0d8-494592cefff5', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 0);

persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';

persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';

persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';

persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';

persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;

persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;

persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;

persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;

persistence/sql/migrations/templates/20220301102701_identity_credentials_version.down.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;

persistence/sql/migrations/templates/20220301102701_identity_credentials_version.up.sql

@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';

persistence/sql/persister_identity.go

@@ -7,6 +7,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/ory/kratos/credentialmigrate"
+
 	"github.com/ory/kratos/corp"
 
 	"github.com/ory/jsonschema/v3"
@@ -386,6 +388,10 @@ func (p *Persister) GetIdentityConfidential(ctx context.Context, id uuid.UUID) (
 		i.Credentials[cred.Type] = *cred
 	}
 
+	if err := credentialmigrate.UpgradeCredentials(&i); err != nil {
+		return nil, err
+	}
+
 	if err := p.findRecoveryAddresses(ctx, &i); err != nil {
 		return nil, err
 	}