[PM-5294][deps]: Update Duende.IdentityServer to v6.3.7 (#3499)

* [deps]: Update Duende.IdentityServer to v6.3.6 * Fix test * Grant table changes * Reassert view * EF migrations * Restore non-null key and simpler index * Master SQL sync * Lint * Fix ID setting since the property isn't exposed * Bump to .7 * Point to new Duende package * Drop unused indexes first --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Matt Bishop <[email protected]>
bitwarden · Dec 28, 2023 · bfa9269 · bfa9269
1 parent de30749
commit bfa9269
Show file tree

Hide file tree

Showing 18 changed files with 7,565 additions and 48 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -63,8 +63,7 @@
         "Azure.Storage.Blobs",
         "Azure.Storage.Queues",
         "Fido2.AspNet",
-        "IdentityServer4",
-        "IdentityServer4.AccessTokenValidation",
+        "Duende.IdentityServer",
         "Microsoft.Azure.Cosmos",
         "Microsoft.Azure.Cosmos.Table",
         "Microsoft.Extensions.Caching.StackExchangeRedis",

diff --git a/src/Core/Auth/Entities/Grant.cs b/src/Core/Auth/Entities/Grant.cs
@@ -1,23 +1,25 @@
-using System.ComponentModel.DataAnnotations;
+#nullable enable
+using System.ComponentModel.DataAnnotations;
 
 namespace Bit.Core.Auth.Entities;
 
 public class Grant
 {
+    public int Id { get; set; }
     [MaxLength(200)]
-    public string Key { get; set; }
+    public string Key { get; set; } = null!;
     [MaxLength(50)]
-    public string Type { get; set; }
+    public string Type { get; set; } = null!;
     [MaxLength(200)]
-    public string SubjectId { get; set; }
+    public string? SubjectId { get; set; }
     [MaxLength(100)]
-    public string SessionId { get; set; }
+    public string? SessionId { get; set; }
     [MaxLength(200)]
-    public string ClientId { get; set; }
+    public string ClientId { get; set; } = null!;
     [MaxLength(200)]
-    public string Description { get; set; }
-    public DateTime CreationDate { get; set; }
+    public string? Description { get; set; }
+    public DateTime CreationDate { get; set; } = DateTime.UtcNow;
     public DateTime? ExpirationDate { get; set; }
     public DateTime? ConsumedDate { get; set; }
-    public string Data { get; set; }
+    public string Data { get; set; } = null!;
 }
diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
@@ -47,7 +47,7 @@
     <PackageReference Include="Serilog.Extensions.Logging" Version="3.1.0" />
     <PackageReference Include="Serilog.Extensions.Logging.File" Version="3.0.0" />
     <PackageReference Include="Sentry.Serilog" Version="3.41.3" />
-    <PackageReference Include="Duende.IdentityServer" Version="6.0.4" />
+    <PackageReference Include="Duende.IdentityServer" Version="6.3.7" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Serilog.Sinks.AzureCosmosDB" Version="2.0.0" />
     <PackageReference Include="Serilog.Sinks.SyslogMessages" Version="2.0.9" />

diff --git a/src/Infrastructure.EntityFramework/Auth/Configurations/GrantEntityTypeConfiguration.cs b/src/Infrastructure.EntityFramework/Auth/Configurations/GrantEntityTypeConfiguration.cs
@@ -0,0 +1,21 @@
+using Bit.Infrastructure.EntityFramework.Auth.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace Bit.Infrastructure.EntityFramework.Auth.Configurations;
+
+public class GrantEntityTypeConfiguration : IEntityTypeConfiguration<Grant>
+{
+    public void Configure(EntityTypeBuilder<Grant> builder)
+    {
+        builder
+            .HasKey(s => s.Id)
+            .IsClustered();
+
+        builder
+            .HasIndex(s => s.Key)
+            .IsUnique(true);
+
+        builder.ToTable(nameof(Grant));
+    }
+}
diff --git a/src/Infrastructure.EntityFramework/Auth/Repositories/GrantRepository.cs b/src/Infrastructure.EntityFramework/Auth/Repositories/GrantRepository.cs
@@ -81,6 +81,7 @@ public async Task SaveAsync(Core.Auth.Entities.Grant obj)
                                        select g).FirstOrDefaultAsync();
             if (existingGrant != null)
             {
+                obj.Id = existingGrant.Id;
                 dbContext.Entry(existingGrant).CurrentValues.SetValues(obj);
             }
             else

diff --git a/src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs b/src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs
@@ -81,7 +81,6 @@ protected override void OnModelCreating(ModelBuilder builder)
         var eEmergencyAccess = builder.Entity<EmergencyAccess>();
         var eEvent = builder.Entity<Event>();
         var eFolder = builder.Entity<Folder>();
-        var eGrant = builder.Entity<Grant>();
         var eGroup = builder.Entity<Group>();
         var eGroupUser = builder.Entity<GroupUser>();
         var eInstallation = builder.Entity<Installation>();
@@ -134,7 +133,6 @@ protected override void OnModelCreating(ModelBuilder builder)
         eCollectionCipher.HasKey(cc => new { cc.CollectionId, cc.CipherId });
         eCollectionUser.HasKey(cu => new { cu.CollectionId, cu.OrganizationUserId });
         eCollectionGroup.HasKey(cg => new { cg.CollectionId, cg.GroupId });
-        eGrant.HasKey(x => x.Key);
         eGroupUser.HasKey(gu => new { gu.GroupId, gu.OrganizationUserId });
 
         var dataProtector = this.GetService<DP.IDataProtectionProvider>().CreateProtector(
@@ -161,7 +159,6 @@ protected override void OnModelCreating(ModelBuilder builder)
         eEmergencyAccess.ToTable(nameof(EmergencyAccess));
         eEvent.ToTable(nameof(Event));
         eFolder.ToTable(nameof(Folder));
-        eGrant.ToTable(nameof(Grant));
         eGroup.ToTable(nameof(Group));
         eGroupUser.ToTable(nameof(GroupUser));
         eInstallation.ToTable(nameof(Installation));

diff --git a/src/Sql/Auth/dbo/Tables/Grant.sql b/src/Sql/Auth/dbo/Tables/Grant.sql
@@ -1,27 +1,25 @@
-CREATE TABLE [dbo].[Grant] (
-    [Key]            NVARCHAR (200) NOT NULL,
-    [Type]           NVARCHAR (50)  NOT NULL,
-    [SubjectId]      NVARCHAR (200) NULL,
-    [SessionId]      NVARCHAR (100) NULL,
-    [ClientId]       NVARCHAR (200) NOT NULL,
-    [Description]    NVARCHAR (200) NULL,
-    [CreationDate]   DATETIME2 (7)  NOT NULL,
-    [ExpirationDate] DATETIME2 (7)  NULL,
-    [ConsumedDate]   DATETIME2 (7)  NULL,
-    [Data]           NVARCHAR (MAX) NOT NULL,
-    CONSTRAINT [PK_Grant] PRIMARY KEY CLUSTERED ([Key] ASC)
+CREATE TABLE [dbo].[Grant]
+(
+    [Id] INT NOT NULL IDENTITY,
+    [Key] NVARCHAR (200) NOT NULL,
+    [Type] NVARCHAR (50) NOT NULL,
+    [SubjectId] NVARCHAR (200) NULL,
+    [SessionId] NVARCHAR (100) NULL,
+    [ClientId] NVARCHAR (200) NOT NULL,
+    [Description] NVARCHAR (200) NULL,
+    [CreationDate] DATETIME2 (7) NOT NULL,
+    [ExpirationDate] DATETIME2 (7) NULL,
+    [ConsumedDate] DATETIME2 (7) NULL,
+    [Data] NVARCHAR (MAX) NOT NULL,
+    CONSTRAINT [PK_Grant] PRIMARY KEY CLUSTERED ([Id] ASC)
 );
 
 
-GO
-CREATE NONCLUSTERED INDEX [IX_Grant_SubjectId_ClientId_Type]
-    ON [dbo].[Grant]([SubjectId] ASC, [ClientId] ASC, [Type] ASC);
-
-GO
-CREATE NONCLUSTERED INDEX [IX_Grant_SubjectId_SessionId_Type]
-    ON [dbo].[Grant]([SubjectId] ASC, [SessionId] ASC, [Type] ASC);
-
 GO
 CREATE NONCLUSTERED INDEX [IX_Grant_ExpirationDate]
     ON [dbo].[Grant]([ExpirationDate] ASC);
 
+GO
+
+CREATE UNIQUE INDEX [IX_Grant_Key]
+    ON [dbo].[Grant]([Key]);
diff --git a/test/Identity.IntegrationTest/openid-configuration.json b/test/Identity.IntegrationTest/openid-configuration.json
@@ -75,7 +75,19 @@
     "HS384",
     "HS512"
   ],
+  "prompt_values_supported": ["none", "login", "consent", "select_account"],
   "authorization_response_iss_parameter_supported": true,
   "backchannel_token_delivery_modes_supported": ["poll"],
-  "backchannel_user_code_parameter_supported": true
+  "backchannel_user_code_parameter_supported": true,
+  "dpop_signing_alg_values_supported": [
+    "RS256",
+    "RS384",
+    "RS512",
+    "PS256",
+    "PS384",
+    "PS512",
+    "ES256",
+    "ES384",
+    "ES512"
+  ]
 }
diff --git a/util/Migrator/DbScripts/2023-12-04_00_GrantIndexes.sql b/util/Migrator/DbScripts/2023-12-04_00_GrantIndexes.sql
@@ -0,0 +1,47 @@
+IF EXISTS(SELECT name
+FROM sys.indexes
+WHERE name = 'IX_Grant_SubjectId_ClientId_Type')
+    BEGIN
+    DROP INDEX [IX_Grant_SubjectId_ClientId_Type] ON [dbo].[Grant]
+END
+GO
+
+IF EXISTS(SELECT name
+FROM sys.indexes
+WHERE name = 'IX_Grant_SubjectId_SessionId_Type')
+    BEGIN
+    DROP INDEX [IX_Grant_SubjectId_SessionId_Type] ON [dbo].[Grant]
+END
+GO
+
+IF COL_LENGTH('[dbo].[Grant]', 'Id') IS NULL
+BEGIN
+    ALTER TABLE [dbo].[Grant]
+        ADD [Id] INT NOT NULL IDENTITY
+
+    ALTER TABLE [dbo].[Grant]
+        DROP CONSTRAINT [PK_Grant];
+
+    ALTER TABLE [dbo].[Grant]
+        ADD CONSTRAINT [PK_Grant] PRIMARY KEY CLUSTERED ([Id] ASC);
+
+    CREATE UNIQUE INDEX [IX_Grant_Key]
+        ON [dbo].[Grant]([Key]);
+END
+GO
+
+IF EXISTS(SELECT *
+FROM sys.views
+WHERE [Name] = 'GrantView')
+    BEGIN
+    DROP VIEW [dbo].[GrantView];
+END
+GO
+
+CREATE VIEW [dbo].[GrantView]
+AS
+    SELECT
+        *
+    FROM
+        [dbo].[Grant]
+GO