From aaf779ac1c29b24ece6d5f3d7892a3bf08277653 Mon Sep 17 00:00:00 2001 
From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Wed, 2 Mar 2022 09:43:42 +0100 Subject: [PATCH] feat(identity): add versioning to credentials --- identity/credentials.go | 5 ++++- .../5ff66179-c240-4703-b0d8-494592cefff5.json | 14 ++++++++++++++ .../a251ebc2-880c-4f76-a8f3-38e6940eab0e.json | 14 ++++++++++++++ persistence/sql/migratest/migration_test.go | 3 ++- .../migratest/testdata/20220301102701_testdata.sql | 1 + ...identity_credentials_version.cockroach.down.sql | 0 ...0_identity_credentials_version.cockroach.up.sql | 1 + ...000_identity_credentials_version.mysql.down.sql | 0 ...00000_identity_credentials_version.mysql.up.sql | 1 + ..._identity_credentials_version.postgres.down.sql | 0 ...00_identity_credentials_version.postgres.up.sql | 1 + ...0_identity_credentials_version.sqlite3.down.sql | 0 ...000_identity_credentials_version.sqlite3.up.sql | 1 + ...identity_credentials_version.cockroach.down.sql | 1 + ...1_identity_credentials_version.cockroach.up.sql | 0 ...001_identity_credentials_version.mysql.down.sql | 1 + ...00001_identity_credentials_version.mysql.up.sql | 0 ..._identity_credentials_version.postgres.down.sql | 1 + ...01_identity_credentials_version.postgres.up.sql | 0 ...1_identity_credentials_version.sqlite3.down.sql | 1 + ...001_identity_credentials_version.sqlite3.up.sql | 0 ...301102701_identity_credentials_version.down.sql | 1 + ...20301102701_identity_credentials_version.up.sql | 1 + persistence/sql/persister_identity.go | 6 ++++++ 24 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 persistence/sql/migratest/testdata/20220301102701_testdata.sql create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.down.sql create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.up.sql create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.down.sql create mode 100644 
persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.up.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.down.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.up.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.down.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.up.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.down.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.up.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.down.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.up.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.down.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.up.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.down.sql
create mode 100644 persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.up.sql
create mode 100644 persistence/sql/migrations/templates/20220301102701_identity_credentials_version.down.sql
create mode 100644 persistence/sql/migrations/templates/20220301102701_identity_credentials_version.up.sql
diff --git a/identity/credentials.go b/identity/credentials.go
index f5ad8c2cebcc..9075ec845f42 100644
--- a/identity/credentials.go
+++ b/identity/credentials.go
@@ -75,6 +75,9 @@ type Credentials struct { // for passwordless authentication or access_token and refresh tokens from OpenID Connect flows. Config sqlxx.JSONRawMessage `json:"config,omitempty" db:"config"` + // Version refers to the version of the credential. Useful when changing the config schema. + Version int `json:"version" db:"version"` + IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"` // CreatedAt is a helper struct field for gobuffalo.pop. @@ -116,7 +119,7 @@ type ( // swagger:ignore ActiveCredentialsCounter interface { ID() CredentialsType - CountActiveCredentials(cc map[CredentialsType]Credentials) (int, error) + CountActiveFirstFactorCredentials(cc map[CredentialsType]Credentials) (int, error) } // swagger:ignore diff --git a/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json b/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json index b6e9ed0bc41b..d0df2ec4c9ff 100644 --- a/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json +++ b/persistence/sql/migratest/fixtures/identity/5ff66179-c240-4703-b0d8-494592cefff5.json @@ -1,5 +1,19 @@ { "id": "5ff66179-c240-4703-b0d8-494592cefff5", + "credentials": { + "password": { + "type": "password", + "identifiers": [ + "foo@ory.sh" + ], + "config": { + "hashed_password": "$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng" + }, + "version": 0, + "created_at": "2013-10-07T08:23:19Z", + "updated_at": "2013-10-07T08:23:19Z" + } + }, "schema_id": "default", "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA", "state": "active", diff --git a/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json b/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json index 9baa12f444db..0bfad18235e4 100644 --- a/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json 
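Review bot: The comment on the new `Version` field in `Credentials` does not say who owns the value, what 0 means, or how a number higher than the newest known schema should be treated. Because the field is tagged `json:"version"`, it is filled in on unmarshal as well as emitted, so if `Credentials` is ever decoded from a request body (not visible in this hunk) a caller-supplied number could influence whether the upgrade step added in `GetIdentityConfidential` runs. If it matches the intent, I would extend the comment to `// Version is the schema version of Config. It is maintained by the server; 0 is the layout that predates versioning.` and make sure any import path overwrites the field rather than trusting input. The struct starts and ends outside the hunk.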
+++ b/persistence/sql/migratest/fixtures/identity/a251ebc2-880c-4f76-a8f3-38e6940eab0e.json @@ -1,5 +1,19 @@ { "id": "a251ebc2-880c-4f76-a8f3-38e6940eab0e", + "credentials": { + "password": { + "type": "password", + "identifiers": [ + "foobar@ory.sh" + ], + "config": { + "hashed_password": "$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng" + }, + "version": 0, + "created_at": "2013-10-07T08:23:19Z", + "updated_at": "2013-10-07T08:23:19Z" + } + }, "schema_id": "default", "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA", "state": "active", diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index d8ffb1f3e6c1..7bc19506d05f 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "github.com/ory/kratos/identity" "os" "path/filepath" "testing" @@ -149,7 +150,7 @@ func TestMigrations(t *testing.T) { // Prevents ordering to get in the way. actual.VerifiableAddresses = nil actual.RecoveryAddresses = nil - CompareWithFixture(t, actual, "identity", id.ID.String()) + CompareWithFixture(t, identity.WithCredentialsInJSON(*actual), "identity", id.ID.String()) } migratest.ContainsExpectedIds(t, filepath.Join("fixtures", "identity"), found) diff --git a/persistence/sql/migratest/testdata/20220301102701_testdata.sql b/persistence/sql/migratest/testdata/20220301102701_testdata.sql new file mode 100644 index 000000000000..bafd65fde6d4 --- /dev/null +++ b/persistence/sql/migratest/testdata/20220301102701_testdata.sql 
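Review bot: The new import `"github.com/ory/kratos/identity"` in the `@@ -5,6 +5,7 @@` hunk of migration_test.go sits between `"fmt"` and `"os"`, inside what appears to be the standard-library group. goimports keeps stdlib imports together and places module imports in a separate group below them, so the line should move to the group that holds the other non-stdlib imports. The import block starts and ends outside the hunk.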
@@ -0,0 +1 @@
+INSERT INTO identity_credentials (id, config, identity_credential_type_id, identity_id, created_at, updated_at, version) VALUES ('4cefc264-4291-4abc-8f26-cc0217874f14', '{"hashed_password":"$argon2id$v=19$m=131072,t=2,p=1$lQFPaKxXqPL56/mU7vRi4w$6aldHyBnURt8sP8+xu41Ng"}', '22bff9ae-f5aa-45d7-803b-97ec0b4e7b32', '5ff66179-c240-4703-b0d8-494592cefff5', '2013-10-07 08:23:19', '2013-10-07 08:23:19', 0);
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.down.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.down.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.up.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.up.sql
new file mode 100644
index 000000000000..bf642500b7f9
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.cockroach.up.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.down.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.down.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.up.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.up.sql
new file mode 100644
index 000000000000..bf642500b7f9
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.mysql.up.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.down.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.down.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.up.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.up.sql
new file mode 100644
index 000000000000..bf642500b7f9
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.postgres.up.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.down.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.down.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.up.sql b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.up.sql
new file mode 100644
index 000000000000..bf642500b7f9
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000000_identity_credentials_version.sqlite3.up.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0';
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.down.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.down.sql
new file mode 100644
index 000000000000..a117f3dc05ed
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.down.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.up.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.cockroach.up.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.down.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.down.sql
new file mode 100644
index 000000000000..a117f3dc05ed
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.down.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.up.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.mysql.up.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.down.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.down.sql
new file mode 100644
index 000000000000..a117f3dc05ed
--- /dev/null
+++ b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.down.sql
@@ -0,0 +1 @@
+ALTER TABLE identity_credentials DROP COLUMN version;
\ No newline at end of file
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.up.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.postgres.up.sql
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.down.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.down.sql new file mode 100644 index 000000000000..a117f3dc05ed --- /dev/null +++ b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.down.sql @@ -0,0 +1 @@ +ALTER TABLE identity_credentials DROP COLUMN version; \ No newline at end of file diff --git a/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.up.sql b/persistence/sql/migrations/sql/20220301102701000001_identity_credentials_version.sqlite3.up.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/persistence/sql/migrations/templates/20220301102701_identity_credentials_version.down.sql b/persistence/sql/migrations/templates/20220301102701_identity_credentials_version.down.sql new file mode 100644 index 000000000000..efe2609052a7 --- /dev/null +++ b/persistence/sql/migrations/templates/20220301102701_identity_credentials_version.down.sql @@ -0,0 +1 @@ +ALTER TABLE identity_credentials DROP COLUMN version; diff --git a/persistence/sql/migrations/templates/20220301102701_identity_credentials_version.up.sql b/persistence/sql/migrations/templates/20220301102701_identity_credentials_version.up.sql new file mode 100644 index 000000000000..098d797fc9dd --- /dev/null +++ b/persistence/sql/migrations/templates/20220301102701_identity_credentials_version.up.sql @@ -0,0 +1 @@ +ALTER TABLE identity_credentials ADD version INT NOT NULL DEFAULT '0'; diff --git a/persistence/sql/persister_identity.go b/persistence/sql/persister_identity.go index 12b34e470624..9c05f8cfb20e 100644 --- a/persistence/sql/persister_identity.go +++ b/persistence/sql/persister_identity.go @@ -7,6 +7,8 @@ import ( "strings" "time" + "github.com/ory/kratos/credentialmigrate" + "github.com/ory/kratos/corp" "github.com/ory/jsonschema/v3" 
@@ -386,6 +388,10 @@ func (p *Persister) GetIdentityConfidential(ctx context.Context, id uuid.UUID) ( i.Credentials[cred.Type] = *cred } + if err := credentialmigrate.UpgradeCredentials(&i); err != nil { + return nil, err + } + if err := p.findRecoveryAddresses(ctx, &i); err != nil { return nil, err }
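Review bot: `credentialmigrate.UpgradeCredentials(&i)` is wired only into `GetIdentityConfidential`, and nothing in this hunk writes the upgraded credentials back, so as far as the hunk shows the stored row keeps its old `version` and the upgrade is repeated on every read. Other persister methods that load credentials lie outside the hunk; if any of them return `Credentials` without this call, code that verifies a credential could receive either config layout, which is worth confirming before the schema actually changes. The bare `return nil, err` also fails the whole load without saying which identity or credential type could not be upgraded; failing closed is the right direction, but the error should be wrapped with the identity id so operators can trace it. I would add a comment above the call such as `// Upgrade credential configs to the current schema version in memory; the stored row is unchanged until the identity is saved.` once that behaviour is confirmed. The function body starts and ends outside the hunk.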