├── .circleci
    └── config.yml
├── .dockerignore
├── .eslintrc
├── .gitignore
├── .migration-lint-ignore.json
├── .nsprc
├── .travis.yml
├── AUTHORS
├── CHANGELOG-server.md
├── CHANGELOG.md
├── CONTRIBUTING.md
├── Dockerfile-build
├── Dockerfile-test
├── Gruntfile.js
├── LICENSE
├── README.md
├── bin
    ├── db_patcher.js
    ├── mem.js
    ├── metrics.js
    └── server.js
├── config
    ├── config.js
    └── index.js
├── db-server
    ├── index.js
    ├── lib
    │   ├── bufferize.js
    │   ├── error.js
    │   └── safeJsonFormatter.js
    └── test
    │   ├── .eslintrc
    │   ├── backend
    │       ├── db_tests.js
    │       ├── index.js
    │       └── remote.js
    │   ├── client-then.js
    │   ├── fake.js
    │   └── local
    │       ├── bufferize.js
    │       ├── error.js
    │       └── safeJsonFormatter.js
├── docs
    ├── API.md
    └── DB_API.md
├── grunttasks
    ├── bump.js
    ├── changelog.js
    ├── copyright.js
    ├── eslint.js
    ├── nsp.js
    └── version.js
├── index.js
├── lib
    ├── constants.js
    ├── db
    │   ├── mem.js
    │   ├── mysql.js
    │   ├── patch.js
    │   ├── random.js
    │   ├── schema
    │   │   ├── README.md
    │   │   ├── patch-000-001.sql
    │   │   ├── patch-001-000.sql
    │   │   ├── patch-001-002.sql
    │   │   ├── patch-002-001.sql
    │   │   ├── patch-002-003.sql
    │   │   ├── patch-003-002.sql
    │   │   ├── patch-003-004.sql
    │   │   ├── patch-004-003.sql
    │   │   ├── patch-004-005.sql
    │   │   ├── patch-005-004.sql
    │   │   ├── patch-005-006.sql
    │   │   ├── patch-006-005.sql
    │   │   ├── patch-006-007.sql
    │   │   ├── patch-007-006.sql
    │   │   ├── patch-007-008.sql
    │   │   ├── patch-008-007.sql
    │   │   ├── patch-008-009.sql
    │   │   ├── patch-009-008.sql
    │   │   ├── patch-009-010.sql
    │   │   ├── patch-010-009.sql
    │   │   ├── patch-010-011.sql
    │   │   ├── patch-011-010.sql
    │   │   ├── patch-011-012.sql
    │   │   ├── patch-012-011.sql
    │   │   ├── patch-012-013.sql
    │   │   ├── patch-013-012.sql
    │   │   ├── patch-013-014.sql
    │   │   ├── patch-014-013.sql
    │   │   ├── patch-014-015.sql
    │   │   ├── patch-015-014.sql
    │   │   ├── patch-015-016.sql
    │   │   ├── patch-016-015.sql
    │   │   ├── patch-016-017.sql
    │   │   ├── patch-017-016.sql
    │   │   ├── patch-017-018.sql
    │   │   ├── patch-018-017.sql
    │   │   ├── patch-018-019.sql
    │   │   ├── patch-019-018.sql
    │   │   ├── patch-019-020.sql
    │   │   ├── patch-020-019.sql
    │   │   ├── patch-020-021.sql
    │   │   ├── patch-021-020.sql
    │   │   ├── patch-021-022.sql
    │   │   ├── patch-022-021.sql
    │   │   ├── patch-022-023.sql
    │   │   ├── patch-023-022.sql
    │   │   ├── patch-023-024.sql
    │   │   ├── patch-024-023.sql
    │   │   ├── patch-024-025.sql
    │   │   ├── patch-025-024.sql
    │   │   ├── patch-025-026.sql
    │   │   ├── patch-026-025.sql
    │   │   ├── patch-026-027.sql
    │   │   ├── patch-027-026.sql
    │   │   ├── patch-027-028.sql
    │   │   ├── patch-028-027.sql
    │   │   ├── patch-028-029.sql
    │   │   ├── patch-029-028.sql
    │   │   ├── patch-029-30.sql
    │   │   ├── patch-030-029.sql
    │   │   ├── patch-030-031.sql
    │   │   ├── patch-031-030.sql
    │   │   ├── patch-031-032.sql
    │   │   ├── patch-032-031.sql
    │   │   ├── patch-032-033.sql
    │   │   ├── patch-033-032.sql
    │   │   ├── patch-033-034.sql
    │   │   ├── patch-034-033.sql
    │   │   ├── patch-034-035.sql
    │   │   ├── patch-035-034.sql
    │   │   ├── patch-035-036.sql
    │   │   ├── patch-036-035.sql
    │   │   ├── patch-036-037.sql
    │   │   ├── patch-037-036.sql
    │   │   ├── patch-037-038.sql
    │   │   ├── patch-038-037.sql
    │   │   ├── patch-038-039.sql
    │   │   ├── patch-039-038.sql
    │   │   ├── patch-039-040.sql
    │   │   ├── patch-040-039.sql
    │   │   ├── patch-040-041.sql
    │   │   ├── patch-041-040.sql
    │   │   ├── patch-041-042.sql
    │   │   ├── patch-042-041.sql
    │   │   ├── patch-042-043.sql
    │   │   ├── patch-043-042.sql
    │   │   ├── patch-043-044.sql
    │   │   ├── patch-044-043.sql
    │   │   ├── patch-044-045.sql
    │   │   ├── patch-045-044.sql
    │   │   ├── patch-045-046.sql
    │   │   ├── patch-046-045.sql
    │   │   ├── patch-046-047.sql
    │   │   ├── patch-047-046.sql
    │   │   ├── patch-047-048.sql
    │   │   ├── patch-048-047.sql
    │   │   ├── patch-048-049.sql
    │   │   ├── patch-049-048.sql
    │   │   ├── patch-049-050.sql
    │   │   ├── patch-050-049.sql
    │   │   ├── patch-050-051.sql
    │   │   ├── patch-051-050.sql
    │   │   ├── patch-051-052.sql
    │   │   ├── patch-052-051.sql
    │   │   ├── patch-052-053.sql
    │   │   ├── patch-053-052.sql
    │   │   ├── patch-053-054.sql
    │   │   ├── patch-054-053.sql
    │   │   ├── patch-054-055.sql
    │   │   ├── patch-055-054.sql
    │   │   ├── patch-055-056.sql
    │   │   ├── patch-056-055.sql
    │   │   ├── patch-056-057.sql
    │   │   ├── patch-057-056.sql
    │   │   ├── patch-057-058.sql
    │   │   ├── patch-058-057.sql
    │   │   ├── patch-058-059.sql
    │   │   ├── patch-059-058.sql
    │   │   ├── patch-059-060.sql
    │   │   ├── patch-060-059.sql
    │   │   ├── patch-060-061.sql
    │   │   ├── patch-061-060.sql
    │   │   ├── patch-061-062.sql
    │   │   ├── patch-062-061.sql
    │   │   ├── patch-062-063.sql
    │   │   ├── patch-063-062.sql
    │   │   ├── patch-063-064.sql
    │   │   ├── patch-064-063.sql
    │   │   ├── patch-064-065.sql
    │   │   ├── patch-065-064.sql
    │   │   ├── patch-065-066.sql
    │   │   ├── patch-066-065.sql
    │   │   ├── patch-066-067.sql
    │   │   ├── patch-067-066.sql
    │   │   ├── patch-067-068.sql
    │   │   ├── patch-068-067.sql
    │   │   ├── patch-068-069.sql
    │   │   ├── patch-069-068.sql
    │   │   ├── patch-069-070.sql
    │   │   ├── patch-070-069.sql
    │   │   ├── patch-070-071.sql
    │   │   ├── patch-071-070.sql
    │   │   ├── patch-071-072.sql
    │   │   ├── patch-072-071.sql
    │   │   ├── patch-072-073.sql
    │   │   ├── patch-073-072.sql
    │   │   ├── patch-073-074.sql
    │   │   ├── patch-074-073.sql
    │   │   ├── patch-074-075.sql
    │   │   ├── patch-075-074.sql
    │   │   ├── patch-075-076.sql
    │   │   ├── patch-076-075.sql
    │   │   ├── patch-076-077.sql
    │   │   ├── patch-077-076.sql
    │   │   ├── patch-077-078.sql
    │   │   ├── patch-078-077.sql
    │   │   ├── patch-078-079.sql
    │   │   ├── patch-079-078.sql
    │   │   ├── patch-079-080.sql
    │   │   ├── patch-080-079.sql
    │   │   ├── patch-080-081.sql
    │   │   ├── patch-081-080.sql
    │   │   ├── patch-081-082.sql
    │   │   ├── patch-082-081.sql
    │   │   ├── patch-082-083.sql
    │   │   ├── patch-083-082.sql
    │   │   ├── patch-083-084.sql
    │   │   ├── patch-084-083.sql
    │   │   ├── patch-084-085.sql
    │   │   ├── patch-085-084.sql
    │   │   ├── patch-085-086.sql
    │   │   ├── patch-086-085.sql
    │   │   ├── patch-086-087.sql
    │   │   ├── patch-087-086.sql
    │   │   ├── patch-087-088.sql
    │   │   ├── patch-088-087.sql
    │   │   ├── patch-088-089.sql
    │   │   ├── patch-089-088.sql
    │   │   ├── patch-089-090.sql
    │   │   ├── patch-090-089.sql
    │   │   ├── patch-090-091.sql
    │   │   ├── patch-091-090.sql
    │   │   ├── patch-091-092.sql
    │   │   ├── patch-092-091.sql
    │   │   ├── patch-092-093.sql
    │   │   ├── patch-093-092.sql
    │   │   ├── patch-093-094.sql
    │   │   ├── patch-094-093.sql
    │   │   ├── patch-094-095.sql
    │   │   ├── patch-095-094.sql
    │   │   ├── patch-095-096.sql
    │   │   ├── patch-096-095.sql
    │   │   ├── patch-096-097.sql
    │   │   └── patch-097-096.sql
    │   └── util.js
    ├── logging.js
    ├── newrelic.js
    └── promise.js
├── npm-shrinkwrap.json
├── package.json
├── scripts
    ├── .eslintrc
    ├── analyze-mx-stats.js
    ├── create-triggers-accounts.sh
    ├── create-triggers-accounts.sql
    ├── createAccounts.js
    ├── metrics-loop.sh
    ├── metrics-perf.sh
    ├── migration-lint.js
    ├── migration.sh
    ├── mocha-coverage.js
    ├── populate-session-tokens.js
    ├── rpm-version.js
    └── union-compare-two-tables.sql
└── test
    ├── .eslintrc
    ├── backend
        ├── db_tests.js
        └── remote.js
    ├── db_server_stub.js
    ├── harness.js
    ├── lib
        └── log.js
    ├── local
        ├── constants_test.js
        ├── incorrect-patch-level.js
        ├── log-stats.js
        ├── metrics_tests.js
        ├── mysql_tests.js
        ├── prune_tokens.js
        ├── random.js
        └── utils.js
    └── mem
        ├── db_tests.js
        └── remote.js


/.circleci/config.yml:
--------------------------------------------------------------------------------
 1 | # These environment variables must be set in CircleCI UI
 2 | #
 3 | # DOCKERHUB_REPO - docker hub repo, format: <username>/<repo>
 4 | # DOCKER_EMAIL   - login info for docker hub
 5 | # DOCKER_USER
 6 | # DOCKER_PASS
 7 | #
 8 | version: 2
 9 | jobs:
10 |   build:
11 |     docker:
12 |       - image: circleci/node:10
13 |     steps:
14 |       - checkout
15 |       - setup_remote_docker
16 | 
17 |       - run:
18 |           name: Create version.json
19 |           command: >
20 |             printf '{"version":{"hash":"%s","version":"%s","source":"https://github.com/%s/%s","build":"%s"}}\n'
21 |             "$CIRCLE_SHA1"
22 |             "$CIRCLE_TAG"
23 |             "$CIRCLE_PROJECT_USERNAME"
24 |             "$CIRCLE_PROJECT_REPONAME"
25 |             "$CIRCLE_BUILD_URL"
26 |             | tee config/version.json version.json
27 |       - store_artifacts:
28 |           path: version.json
29 | 
30 |       - run:
31 |           name: Build deployment container image
32 |           command: docker build -f Dockerfile-build -t fxa-auth-db-mysql:build .
33 | 
34 |       - run:
35 |           name: Check npm install
36 |           command: docker run --rm -it fxa-auth-db-mysql:build npm ls --production
37 | 
38 |       - run:
39 |           name: Start mysql
40 |           command: docker pull mysql/mysql-server:5.6 && docker run -d --name=mydb -e MYSQL_ALLOW_EMPTY_PASSWORD=true -e MYSQL_ROOT_HOST=% -p 3306:3306 mysql/mysql-server:5.6
41 | 
42 |       - run:
43 |           name: Build test container image
44 |           command: docker build -f Dockerfile-test -t fxa-auth-db-mysql:test .
45 | 
46 |       - run:
47 |           name: Run Tests
48 |           command: docker run --net="host" fxa-auth-db-mysql:test npm test
49 | 
50 |       - run:
51 |           name: Push to Dockerhub
52 |           command: |
53 |             if [ "${CIRCLE_BRANCH}" == "master" ]; then
54 |               DOCKER_TAG="latest"
55 |             fi
56 | 
57 |             if [[ "${CIRCLE_BRANCH}" == feature* ]] || [[ "${CIRCLE_BRANCH}" == dockerpush* ]]; then
58 |               DOCKER_TAG="${CIRCLE_BRANCH}"
59 |             fi
60 | 
61 |             if [ -n "${CIRCLE_TAG}" ]; then
62 |               DOCKER_TAG="$CIRCLE_TAG"
63 |             fi
64 | 
65 |             if [ -n "${DOCKER_TAG}" ]; then
66 |               echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
67 |               echo ${DOCKERHUB_REPO}:${DOCKER_TAG}
68 |               docker tag fxa-auth-db-mysql:build ${DOCKERHUB_REPO}:${DOCKER_TAG}
69 |               docker images
70 |               docker push ${DOCKERHUB_REPO}:${DOCKER_TAG}
71 |             fi
72 | 
73 | workflows:
74 |   version: 2
75 | 
76 |   # workflow jobs are _not_ run in tag builds by default
77 |   # we use filters to whitelist jobs that should be run for tags
78 | 
79 |   # workflow jobs are run in _all_ branch builds by default
80 |   # we use filters to blacklist jobs that shouldn't be run for a branch
81 | 
82 |   # see: https://circleci.com/docs/2.0/workflows/#git-tag-job-execution
83 | 
84 |   build-test-push:
85 |     jobs:
86 |       - build:
87 |           filters:
88 |             tags:
89 |               only: /.*/
90 | 


--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | .git
2 | 


--------------------------------------------------------------------------------
/.eslintrc:
--------------------------------------------------------------------------------
 1 | plugins:
 2 |   - fxa
 3 | extends: plugin:fxa/server
 4 | 
 5 | rules:
 6 |   complexity: 0
 7 |   handle-callback-err: 0
 8 |   semi: [2, "never"]
 9 | 
10 | parserOptions:
11 |   ecmaVersion: 2018
12 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | config/dev.js
 2 | db-server/node_modules
 3 | node_modules/
 4 | sandbox/
 5 | coverage.html
 6 | .nyc_output
 7 | *.log
 8 | *.swp
 9 | *~
10 | 


--------------------------------------------------------------------------------
/.migration-lint-ignore.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "procedures": [
 3 |     "accountEmails_4",
 4 |     "accountExists_2",
 5 |     "consumeRecoveryCode_2",
 6 |     "createAccount_7",
 7 |     "createEmail_2",
 8 |     "createEmailBounce_1",
 9 |     "deleteEmail_4",
10 |     "emailRecord_4",
11 |     "fetchEmailBounces_1",
12 |     "fetchVerificationReminders_2",
13 |     "getSecondaryEmail_1",
14 |     "prune_7",
15 |     "sessionWithDevice_15",
16 |     "setPrimaryEmail_3"
17 |   ],
18 |   "tables": [
19 |     "deviceCommands",
20 |     "securityEvents"
21 |   ]
22 | }
23 | 


--------------------------------------------------------------------------------
/.nsprc:
--------------------------------------------------------------------------------
1 | {
2 |   "exceptions": []
3 | }
4 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: node_js
 2 | 
 3 | node_js: "10"
 4 | 
 5 | dist: trusty
 6 | 
 7 | addons:
 8 |   apt:
 9 |     packages:
10 |     - mysql-server-5.6
11 |     - mysql-client-core-5.6
12 |     - mysql-client-5.6
13 | 
14 | services:
15 |   - mysql
16 | 
17 | notifications:
18 |   email:
19 |     - dcoates@mozilla.com
20 |     - jrgm@mozilla.com
21 |     - rfkelly@mozilla.com
22 |   irc:
23 |     channels:
24 |       - "irc.mozilla.org#fxa-bots"
25 |     use_notice: false
26 |     skip_join: false
27 | 
28 | before_install:
29 |   - npm config set spin false
30 | 
31 | before_script:
32 |   - mysql -u root -e 'DROP DATABASE IF EXISTS fxa'
33 |   - npm i grunt-cli -g
34 |   - npm run outdated
35 |   # HACK: ignore npm audit errors for now until we get them all fixed
36 |   - npm audit || true
37 | 
38 | script:
39 |   - npm run test-travis
40 |   - npm run migration-lint
41 | 


--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
 1 | Andrew Chilton <andychilton@gmail.com>
 2 | Danny Coates <dannycoates@gmail.com>
 3 | Edouard Oger <edouard.oger@gmail.com>
 4 | Edouard Oger <eoger@fastmail.com>
 5 | Greg Guthe <g-k@users.noreply.github.com>
 6 | Jamon Camisso <jamonation+git@gmail.com>
 7 | Jamon Camisso <jamonation@users.noreply.github.com>
 8 | John Morrison <jrgmorrison@gmail.com>
 9 | Jon Buckley <jbuckley@mozilla.com>
10 | Jon Buckley <jon@jbuckley.ca>
11 | Michiel de Jong <mbdejong@mozilla.com>
12 | Peter deHaan <peter@deseloper.com>
13 | Phil Booth <pmbooth@gmail.com>
14 | Ryan Kelly <rfkelly@mozilla.com>
15 | Ryan Kelly <ryan@rfk.id.au>
16 | Sai Pc <schand31@asu.edu>
17 | Sean McArthur <sean.monstar@gmail.com>
18 | Shane Tomlinson <stomlinson@mozilla.com>
19 | Vijay Budhram <vbudhram@gmail.com>
20 | Vijay Budhram <vbudhram@mozilla.com>
21 | Vlad Filippov <vlad.filippov@gmail.com>
22 | vladikoff <vlad.filippov@gmail.com>
23 | 


--------------------------------------------------------------------------------
/Dockerfile-build:
--------------------------------------------------------------------------------
 1 | FROM node:10-alpine
 2 | 
 3 | RUN npm install -g npm@6 && rm -rf ~app/.npm /tmp/*
 4 | 
 5 | RUN apk add --no-cache make git gcc g++ python
 6 | 
 7 | RUN addgroup -g 10001 app && \
 8 |     adduser -D -G app -h /app -u 10001 app
 9 | WORKDIR /app
10 | 
11 | # S3 bucket in Cloud Services prod IAM
12 | ADD https://s3.amazonaws.com/dumb-init-dist/v1.2.0/dumb-init_1.2.0_amd64 /usr/local/bin/dumb-init
13 | RUN chmod +x /usr/local/bin/dumb-init
14 | ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
15 | 
16 | USER app
17 | 
18 | COPY npm-shrinkwrap.json npm-shrinkwrap.json
19 | COPY package.json package.json
20 | 
21 | RUN npm install --production && rm -rf ~app/.npm /tmp/*
22 | 
23 | COPY . /app
24 | 


--------------------------------------------------------------------------------
/Dockerfile-test:
--------------------------------------------------------------------------------
1 | FROM fxa-auth-db-mysql:build
2 | RUN npm install
3 | 


--------------------------------------------------------------------------------
/Gruntfile.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | module.exports = function (grunt) {
 6 |   require('load-grunt-tasks')(grunt);
 7 | 
 8 |   grunt.loadTasks('grunttasks');
 9 | 
10 |   grunt.registerTask('default', ['eslint', 'copyright']);
11 | };
12 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # This repository has been migrated to https://github.com/mozilla/fxa/tree/master/packages/fxa-auth-db-mysql
2 | 
3 | Please file issues and open pull requests against https://github.com/mozilla/fxa
4 | 


--------------------------------------------------------------------------------
/bin/db_patcher.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | var path = require('path')
 6 | var mysql = require('mysql')
 7 | var config = require('../config')
 8 | var logger = require('../lib/logging')('bin.db_patcher')
 9 | var patcher = require('mysql-patcher')
10 | 
11 | var patch = require('../lib/db/patch')
12 | const constants = require('../lib/constants')
13 | 
14 | // set some options
15 | var options = Object.assign({}, config.master)
16 | options.dir = path.join(__dirname, '..', 'lib', 'db', 'schema')
17 | options.patchKey = config.patchKey
18 | options.metaTable = 'dbMetadata'
19 | options.patchLevel = patch.level
20 | options.mysql = mysql
21 | options.createDatabase = true
22 | options.reversePatchAllowed = false
23 | options.database = constants.DATABASE_NAME
24 | 
25 | patcher.patch(options, function(err) {
26 |   if (err) {
27 |     logger.error('patch-error', { err : '' + err })
28 |     process.exit(2)
29 |   }
30 |   logger.info('patched', { level : options.patchLevel })
31 | })
32 | 


--------------------------------------------------------------------------------
/bin/mem.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | var config = require('../config')
 6 | var dbServer = require('../db-server')
 7 | var error = dbServer.errors
 8 | var logger = require('../lib/logging')('bin.server')
 9 | var DB = require('../lib/db/mem')(logger, error)
10 | 
11 | DB.connect(config)
12 |   .done(function (db) {
13 |     var server = dbServer.createServer(db)
14 |     server.listen(config.port, config.hostname, function() {
15 |       logger.info('start', { port : config.port })
16 |     })
17 |     server.on('error', function (err) {
18 |       logger.error('start', { message: err.message })
19 |     })
20 |     server.on('success', function (d) {
21 |       logger.info('summary', d)
22 |     })
23 |     server.on('failure', function (err) {
24 |       if (err.statusCode >= 500) {
25 |         logger.error('summary', err)
26 |       }
27 |       else {
28 |         logger.warn('summary', err)
29 |       }
30 |     })
31 |     server.on('mem', function (stats) {
32 |       logger.info('mem', stats)
33 |     })
34 |   })
35 | 


--------------------------------------------------------------------------------
/bin/server.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | // This MUST be the first require in the program.
 6 | // Only `require()` the newrelic module if explicity enabled.
 7 | // If required, modules will be instrumented.
 8 | require('../lib/newrelic')()
 9 | 
10 | var config = require('../config')
11 | var dbServer = require('../db-server')
12 | var error = dbServer.errors
13 | var logger = require('../lib/logging')('bin.server')
14 | var DB = require('../lib/db/mysql')(logger, error)
15 | var restify = require('restify')
16 | // configure Sentry
17 | var Raven = require('raven')
18 | const sentryDsn = config.sentryDsn
19 | 
20 | if (sentryDsn) {
21 |   Raven.config(sentryDsn, {})
22 |   logger.info('sentryEnabled')
23 | } else {
24 |   logger.info('sentryDisabled')
25 | }
26 | 
27 | function logCharsetInfo(db, poolName) {
28 |   // Record some information about mysql connection configuration and
29 |   // charset at startup.
30 |   db._showVariables(poolName)
31 |     .then(
32 |       function(variables) {
33 |         logger.info([ 'variables', poolName ].join('.'), variables)
34 |       }
35 |     )
36 |     .then(
37 |       function() {
38 |         return db._connectionConfig(poolName)
39 |       }
40 |     )
41 |     .then(
42 |       function(config) {
43 |         logger.info([ 'connectionConfig', poolName ].join('.'), config)
44 |       }
45 |     ).catch(
46 |       function(err) {
47 |         logger.error('error', { error: err })
48 |       }
49 |     )
50 | }
51 | 
52 | DB.connect(config)
53 |   .done(function (db) {
54 |     // Serve the HTTP API.
55 |     var server = dbServer.createServer(db)
56 |     server.listen(config.port, config.hostname, function() {
57 |       logger.info('start', { port : config.port })
58 |     })
59 | 
60 |     server.on('uncaughtException', function (req, res, route, err) {
61 |       if (sentryDsn) {
62 |         Raven.captureException(err)
63 |       }
64 |       res.send(new restify.errors.InternalServerError('Server Error'))
65 |     })
66 | 
67 |     server.on('error', function (err) {
68 |       if (sentryDsn) {
69 |         Raven.captureException(err)
70 |       }
71 |       logger.error('start', { message: err.message })
72 |     })
73 |     server.on('success', function (d) {
74 |       logger.info('summary', d)
75 |     })
76 |     server.on('failure', function (err) {
77 |       if (err.statusCode >= 500) {
78 |         logger.error('summary', err)
79 |       }
80 |       else {
81 |         logger.warn('summary', err)
82 |       }
83 |     })
84 |     server.on('mem', function (stats) {
85 |       logger.info('mem', stats)
86 |     })
87 | 
88 |     // Log connection config and charset info
89 |     logCharsetInfo(db, 'MASTER')
90 |     logCharsetInfo(db, 'SLAVE')
91 |   })
92 | 


--------------------------------------------------------------------------------
/config/index.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | var fs = require('fs')
 6 | var path = require('path')
 7 | var url = require('url')
 8 | var convict = require('convict')
 9 | 
10 | module.exports = require('./config')(fs, path, url, convict)
11 | 


--------------------------------------------------------------------------------
/db-server/lib/bufferize.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | var HEX_STRING = /^(?:[a-fA-F0-9]{2})+$/
 6 | 
 7 | function unbuffer(object) {
 8 |   var keys = Object.keys(object)
 9 |   for (var i = 0; i < keys.length; i++) {
10 |     var x = object[keys[i]]
11 |     if (Buffer.isBuffer(x)) {
12 |       object[keys[i]] = x.toString('hex')
13 |     }
14 |   }
15 |   return object
16 | }
17 | 
18 | function bufferize(object, onlyTheseKeys) {
19 |   var keys = Object.keys(object)
20 |   if (onlyTheseKeys) {
21 |     keys = keys.filter(key => onlyTheseKeys.has(key))
22 |   }
23 |   for (var i = 0; i < keys.length; i++) {
24 |     var key = keys[i]
25 |     var value = object[key]
26 |     // Don't convert things with no value, but we still want
27 |     // to bufferize falsy things like the empty string.
28 |     if (typeof value !== 'undefined' && value !== null) {
29 |       if (typeof value !== 'string' || ! HEX_STRING.test(value)) {
30 |         throw new Error('Invalid hex data for ' + key + ': "' + value + '"')
31 |       }
32 |       object[key] = Buffer.from(value, 'hex')
33 |     }
34 |   }
35 |   return object
36 | }
37 | 
38 | function bufferizeRequest(keys, req, res, next) {
39 |   try {
40 |     if (req.body) { req.body = bufferize(req.body, keys) }
41 |     if (req.params) { req.params = bufferize(req.params, keys) }
42 |   } catch (err) {
43 |     // Failure here means invalid hex data in a bufferized field.
44 |     if (! err.statusCode) {
45 |       err.statusCode = 400
46 |     }
47 |     return next(err)
48 |   }
49 |   return next()
50 | }
51 | 
52 | function hexToUtf8(value) {
53 |   return Buffer.from(value,'hex').toString('utf8')
54 | }
55 | 
56 | module.exports = {
57 |   unbuffer: unbuffer,
58 |   bufferize: bufferize,
59 |   bufferizeRequest: bufferizeRequest,
60 |   hexToUtf8: hexToUtf8
61 | }
62 | 


--------------------------------------------------------------------------------
/db-server/lib/error.js:
--------------------------------------------------------------------------------
  1 | /* This Source Code Form is subject to the terms of the Mozilla Public
  2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
  3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4 | 
  5 | var inherits = require('util').inherits
  6 | 
  7 | function AppError(options) {
  8 |   this.message = options.message
  9 |   this.errno = options.errno
 10 |   this.error = options.error
 11 |   this.code = options.code
 12 |   if (options.stack) this.stack = options.stack
 13 | }
 14 | inherits(AppError, Error)
 15 | 
 16 | AppError.prototype.toString = function () {
 17 |   return 'Error: ' + this.message
 18 | }
 19 | 
 20 | AppError.duplicate = function () {
 21 |   return new AppError(
 22 |     {
 23 |       code: 409,
 24 |       error: 'Conflict',
 25 |       errno: 101,
 26 |       message: 'Record already exists'
 27 |     }
 28 |   )
 29 | }
 30 | 
 31 | AppError.notFound = function () {
 32 |   return new AppError(
 33 |     {
 34 |       code: 404,
 35 |       error: 'Not Found',
 36 |       errno: 116,
 37 |       message: 'Not Found'
 38 |     }
 39 |   )
 40 | }
 41 | 
 42 | AppError.incorrectPassword = function () {
 43 |   return new AppError(
 44 |     {
 45 |       code: 400,
 46 |       error: 'Bad request',
 47 |       errno: 103,
 48 |       message: 'Incorrect password'
 49 |     }
 50 |   )
 51 | }
 52 | 
 53 | AppError.cannotDeletePrimaryEmail = function () {
 54 |   return new AppError(
 55 |     {
 56 |       code: 400,
 57 |       error: 'Bad request',
 58 |       errno: 136,
 59 |       message: 'Can not delete primary email'
 60 |     }
 61 |   )
 62 | }
 63 | 
 64 | AppError.expiredTokenVerificationCode = function () {
 65 |   return new AppError(
 66 |     {
 67 |       code: 400,
 68 |       error: 'Bad request',
 69 |       errno: 137,
 70 |       message: 'Expired token verification code'
 71 |     }
 72 |   )
 73 | }
 74 | 
 75 | AppError.invalidVerificationMethod = function () {
 76 |   return new AppError(
 77 |     {
 78 |       code: 400,
 79 |       error: 'Bad request',
 80 |       errno: 138,
 81 |       message: 'Invalid verification method'
 82 |     }
 83 |   )
 84 | }
 85 | 
 86 | AppError.recoveryKeyInvalid = () => {
 87 |   return new AppError({
 88 |     code: 400,
 89 |     error: 'Bad Request',
 90 |     errno: 159,
 91 |     message: 'Recovery key is not valid'
 92 |   })
 93 | }
 94 | 
 95 | AppError.cannotSetUnverifiedPrimaryEmail = function () {
 96 |   return new AppError(
 97 |     {
 98 |       code: 400,
 99 |       error: 'Bad request',
100 |       errno: 147,
101 |       message: 'Can not set unverified primary email'
102 |     }
103 |   )
104 | }
105 | 
106 | AppError.cannotSetUnownedPrimaryEmail = function () {
107 |   return new AppError(
108 |     {
109 |       code: 400,
110 |       error: 'Bad request',
111 |       errno: 148,
112 |       message: 'Can not set primary email to email that is not owned by account'
113 |     }
114 |   )
115 | }
116 | 
117 | AppError.wrap = function (err) {
118 |   // Don't re-wrap!
119 |   if (err instanceof AppError) {
120 |     return err
121 |   }
122 |   return new AppError(
123 |     {
124 |       code: 500,
125 |       error: 'Internal Server Error',
126 |       errno: err.errno,
127 |       message: err.code,
128 |       stack: err.stack
129 |     }
130 |   )
131 | }
132 | 
133 | module.exports = AppError
134 | 


--------------------------------------------------------------------------------
/db-server/lib/safeJsonFormatter.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | module.exports = (req, res, body) => {
 6 |   let data = body ? JSON.stringify(body) : 'null'
 7 |   data = data.replace(/</g, '\\u003c')
 8 |     .replace(/>/g, '\\u003e')
 9 |     .replace(/&/g, '\\u0026')
10 | 
11 |   res.setHeader('Content-Length', Buffer.byteLength(data))
12 |   return data
13 | }
14 | 


--------------------------------------------------------------------------------
/db-server/test/.eslintrc:
--------------------------------------------------------------------------------
1 | extends: ../../.eslintrc
2 | 
3 | env:
4 |   mocha: true
5 | 
6 | rules:
7 |   fxa/async-crypto-random: 0
8 | 


--------------------------------------------------------------------------------
/db-server/test/backend/index.js:
--------------------------------------------------------------------------------
1 | /* Any copyright is dedicated to the Public Domain.
2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
3 | 
4 | module.exports = {
5 |   dbTests: require('./db_tests'),
6 |   remote: require('./remote'),
7 | }
8 | 


--------------------------------------------------------------------------------
/db-server/test/client-then.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | const clients = require('restify-clients')
 5 | var P = require('../../lib/promise')
 6 | 
 7 | var ops = [ 'head', 'get', 'post', 'put', 'del' ]
 8 | 
 9 | module.exports = function createClient(cfg) {
10 |   cfg.agent = false
11 |   cfg.headers = {
12 |     connection : 'close',
13 |   }
14 |   const client = clients.createJsonClient(cfg)
15 | 
16 |   // create a thenable version of each operation
17 |   ops.forEach(function(name) {
18 |     client[name + 'Then'] = function() {
19 |       var p = P.defer()
20 |       var args = Array.prototype.slice.call(arguments, 0)
21 |       args.push(function(err, req, res, obj) {
22 |         if (err) return p.reject(err)
23 |         p.resolve({ req: req, res: res, obj: obj })
24 |       })
25 |       client[name].apply(this, args)
26 |       return p.promise
27 |     }
28 |   })
29 | 
30 |   return client
31 | }
32 | 


--------------------------------------------------------------------------------
/db-server/test/local/error.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | 'use strict'
 5 | 
 6 | const assert = require('insist')
 7 | 
 8 | describe('error', () => {
 9 |   it(
10 |     'error module',
11 |     () => {
12 |       const error = require('../../lib/error')
13 |       assert.equal(typeof error, 'function', 'error module returns a function')
14 | 
15 |       const duplicate = error.duplicate()
16 |       assert.equal(typeof duplicate, 'object', 'duplicate returns an object')
17 |       assert(duplicate instanceof error, 'is an instance of error')
18 |       assert.equal(duplicate.code, 409)
19 |       assert.equal(duplicate.errno, 101)
20 |       assert.equal(duplicate.message, 'Record already exists')
21 |       assert.equal(duplicate.error, 'Conflict')
22 |       assert.equal(duplicate.toString(), 'Error: Record already exists')
23 | 
24 |       const notFound = error.notFound()
25 |       assert.equal(typeof notFound, 'object', 'notFound returns an object')
26 |       assert(notFound instanceof error, 'is an instance of error')
27 |       assert.equal(notFound.code, 404)
28 |       assert.equal(notFound.errno, 116)
29 |       assert.equal(notFound.message, 'Not Found')
30 |       assert.equal(notFound.error, 'Not Found')
31 |       assert.equal(notFound.toString(), 'Error: Not Found')
32 | 
33 |       const err = new Error('Something broke.')
34 |       err.code = 'ER_QUERY_INTERRUPTED'
35 |       err.errno = 1317
36 |       const wrap = error.wrap(err)
37 |       assert.equal(typeof wrap, 'object', 'wrap returns an object')
38 |       assert(wrap instanceof error, 'is an instance of error')
39 |       assert.equal(wrap.code, 500)
40 |       assert.equal(wrap.errno, 1317)
41 |       assert.equal(wrap.message, 'ER_QUERY_INTERRUPTED')
42 |       assert.equal(wrap.error, 'Internal Server Error')
43 |       assert.equal(wrap.toString(), 'Error: ER_QUERY_INTERRUPTED')
44 |     }
45 |   )
46 | })
47 | 


--------------------------------------------------------------------------------
/db-server/test/local/safeJsonFormatter.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | 'use strict'
 5 | 
 6 | const assert = require('insist')
 7 | const safeJsonFormatter = require('../../lib/safeJsonFormatter')
 8 | 
 9 | describe('safeJsonFormatter module', () => {
10 |   it('safeJsonFormatter function exported', () => {
11 |     assert.equal(typeof safeJsonFormatter === 'function', true)
12 |   })
13 | 
14 |   it('escapes input', () => {
15 |     const req = {}
16 |     const res = {
17 |       setHeader: () => {
18 |       }
19 |     }
20 |     const body = {'foo': '<script>&'}
21 |     const expectedData = '{"foo":"\\u003cscript\\u003e\\u0026"}'
22 |     const data = safeJsonFormatter(req, res, body)
23 |     assert.equal(data, expectedData, 'script is escaped')
24 |   })
25 | })
26 | 


--------------------------------------------------------------------------------
/grunttasks/bump.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | // takes care of bumping the version number in package.json
 6 | 
 7 | module.exports = function (grunt) {
 8 |   'use strict'
 9 | 
10 |   grunt.config('bump', {
11 |     options: {
12 |       files: ['package.json', 'npm-shrinkwrap.json'],
13 |       bumpVersion: true,
14 |       commit: true,
15 |       commitMessage: 'Release v%VERSION%',
16 |       commitFiles: ['package.json', 'npm-shrinkwrap.json', 'CHANGELOG.md'],
17 |       createTag: true,
18 |       tagName: 'v%VERSION%',
19 |       tagMessage: 'Version %VERSION%',
20 |       push: false,
21 |       pushTo: 'origin',
22 |       gitDescribeOptions: '--tags --always --abrev=1 --dirty=-d'
23 |     }
24 |   })
25 | }
26 | 
27 | 


--------------------------------------------------------------------------------
/grunttasks/changelog.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | var fxaChangelog = require('fxa-conventional-changelog')()
 6 | 
 7 | module.exports = function (grunt) {
 8 |   grunt.config('conventionalChangelog', {
 9 |     options: {
10 |       changelogOpts: {},
11 |       parserOpts: fxaChangelog.parserOpts,
12 |       writerOpts: fxaChangelog.writerOpts
13 |     },
14 |     release: {
15 |       src: 'CHANGELOG.md'
16 |     }
17 |   })
18 | }
19 | 


--------------------------------------------------------------------------------
/grunttasks/copyright.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | module.exports = function (grunt) {
 6 |   'use strict'
 7 | 
 8 |   grunt.config('copyright', {
 9 |     app: {
10 |       src: [
11 |         '{bin,config,db-server/lib,lib,lib/db,scripts}/*.js'
12 |       ],
13 |       options: {
14 |         pattern: 'This Source Code Form is subject to the terms of the Mozilla Public'
15 |       }
16 |     },
17 |     tests: {
18 |       src: [
19 |         'test/{remote,local,backend}/*.js',
20 |         'db-server/test/{backend,local}/*.js'
21 |       ],
22 |       options: {
23 |         pattern: 'Any copyright is dedicated to the Public Domain.'
24 |       }
25 |     }
26 |   })
27 | }
28 | 


--------------------------------------------------------------------------------
/grunttasks/eslint.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | module.exports = function (grunt) {
 6 |   'use strict'
 7 | 
 8 |   grunt.config('eslint', {
 9 |     options: {
10 |       eslintrc: '.eslintrc'
11 |     },
12 |     files: [
13 |       'index.js',
14 |       '{grunttasks,bin,lib,lib/db,scripts,test}/*.js',
15 |       'db-server/index.js',
16 |       'db-server/{lib,test,test/backend,test/local}/*.js',
17 |       'test/{backend,local,mem,scripts}/*.js'
18 |     ]
19 |   })
20 | 
21 |   // Let's make a sneaky alias for ESLint and call it `jshint`.
22 |   grunt.registerTask('jshint', ['eslint'])
23 | }
24 | 


--------------------------------------------------------------------------------
/grunttasks/nsp.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | module.exports = function (grunt) {
 6 |   grunt.config('nsp', {
 7 |     output: 'summary',
 8 |     package: grunt.file.readJSON('package.json'),
 9 |     shrinkwrap: grunt.file.readJSON('npm-shrinkwrap.json')
10 |   })
11 | }
12 | 


--------------------------------------------------------------------------------
/grunttasks/version.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | //
 6 | // A task to stamp a new version.
 7 | //
 8 | // * version is updated in package.json
 9 | // * git tag with version name is created.
10 | // * git commit with updated package.json and CHANGELOG.md created.
11 | //
12 | // NOTE: This task will not push this commit for you.
13 | //
14 | 
15 | module.exports = function (grunt) {
16 |   'use strict'
17 | 
18 |   grunt.registerTask('version', [
19 |     'bump-only:minor',
20 |     'conventionalChangelog:release',
21 |     'bump-commit'
22 |   ])
23 | 
24 |   grunt.registerTask('version:patch', [
25 |     'bump-only:patch',
26 |     'conventionalChangelog:release',
27 |     'bump-commit'
28 |   ])
29 | }
30 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | var config = require('./config')
 6 | var dbServer = require('./db-server')
 7 | var error = dbServer.errors
 8 | var logger = require('./lib/logging')('bin.server')
 9 | var DB = require('./lib/db/mem')(logger, error)
10 | 
11 | module.exports = function () {
12 |   return DB.connect(config)
13 |     .then(function (db) {
14 |       return dbServer.createServer(db)
15 |     })
16 | }
17 | 


--------------------------------------------------------------------------------
/lib/constants.js:
--------------------------------------------------------------------------------
1 | /* This Source Code Form is subject to the terms of the Mozilla Public
2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 | 
5 | module.exports = Object.freeze({
6 |   DATABASE_NAME: 'fxa'
7 | })
8 | 


--------------------------------------------------------------------------------
/lib/db/patch.js:
--------------------------------------------------------------------------------
1 | /* This Source Code Form is subject to the terms of the Mozilla Public
2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 | 
5 | // The expected patch level of the database. Update if you add a new
6 | // patch in the ./schema/ directory.
7 | module.exports.level = 97
8 | 


--------------------------------------------------------------------------------
/lib/db/random.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | 'use strict'
 6 | const randomBytes = require('../promise').promisify(require('crypto').randomBytes)
 7 | 
 8 | // The alphabet is lowercase for backwards compatibility with the previous keyspace
 9 | // and the content-server also normalizes the codes to lowercase on submit
10 | const ALPHABET = '0123456789abcdefghjkmnpqrstvwxyz'
11 | 
12 | function base32(len) {
13 |   return randomBytes(len)
14 |     .then(bytes => {
15 |       const out = []
16 | 
17 |       for (let i = 0; i < len; i++) {
18 |         out.push(ALPHABET[bytes[i] % 32])
19 |       }
20 | 
21 |       return out.join('')
22 |     })
23 | }
24 | 
25 | module.exports = base32
26 | 


--------------------------------------------------------------------------------
/lib/db/schema/README.md:
--------------------------------------------------------------------------------
 1 | ## Schema
 2 | 
 3 | This project uses the [mysql-patcher](https://www.npmjs.com/package/mysql-patcher) project to perform its database
 4 | schema migrations, however this is only used in development, testing and staging but not in production. Production is
 5 | performed manually making sure each step succeeds properly.
 6 | 
 7 | When adding a new patch file you need to provide two things:
 8 | 
 9 | 1. the forward and reverse patches in `db/schema/patch-xxx-xxx.sql`
10 | 2. update `db/patch.js` to point to the new patches
11 | 
12 | Each forward patch should perform it's actions and finally update the `dbMetadata` to the new patch level.
13 | 
14 | Every reverse patch should perform the same actions but in exactly the same reverse order, but still update
15 | the `dbMetadata` table last. Also note that for this project we decided to comment out the reverse patch
16 | so that it couldn't be run accidentally.
17 | 
18 | ## Database Table Access Order
19 | 
20 | MySql tells us that we
21 | [should expect deadlocks to occur](https://docs.oracle.com/cd/E17952_01/refman-5.0-en/innodb-deadlocks.html) every so
22 | often and that they are normal, unless they occur frequently enough to disrupt your normal operations. However, there
23 | are also things we can do to try and minimise the chance that they do occur. One of these approaches is to try the following:
24 | 
25 | "When modifying multiple tables within a transaction, or different sets of rows in the same table, do those operations
26 | in a consistent order each time."
27 | 
28 | To document this, we're trying to keep to the following order though obviously deviations can occur if necessary:
29 | 
30 | * sessionTokens
31 | * keyFetchTokens
32 | * accountResetTokens
33 | * passwordChangeTokens
34 | * passwordForgotTokens
35 | * accounts
36 | 
37 | As a slice of history related to this decision, you can follow along in cronological order in these four issues/pulls:
38 | 
39 | * https://github.com/mozilla/fxa-auth-server/issues/785
40 | * https://github.com/mozilla/fxa-auth-db-server/issues/101
41 | * https://github.com/mozilla/fxa-auth-db-mysql/issues/28
42 | * https://github.com/mozilla/fxa-auth-db-mysql/pull/36
43 | 
44 | ## Stored Procedures and Future Patches
45 | 
46 | When a new stored procedure is added no further actions need to be taken. However, when a new version of a stored
47 | procedure is added, the older version should also be removed. However, due to the way we may have two subsequent
48 | versions of a stack accessing the database the old stored procedure should be removed in the next patch. As an example
49 | consider the following:
50 | 
51 | * a stored procedure `doSomething_2` already exists
52 | * a new version `doSomething_3` is added in patch 12 during release 50
53 | * upon release:
54 |     * the old stack (release 49) is still using `doSomething_2`
55 |     * the new stack (release 50) is using `doSomething_3`
56 | * a new patch 13 should be added for release during release 51 which removes `doSomething_2`
57 | 
58 | This works because by the time we get to release 51, the stack for release 49 has already been pulled down and nothing
59 | is using `doSomething_2` any longer.
60 | 
61 | (Ends)
62 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-000-001.sql:
--------------------------------------------------------------------------------
 1 | -- Create the 'dbMetadata' table.
 2 | -- Note: This should be the only thing in this initial patch.
 3 | 
 4 | CREATE TABLE dbMetadata (
 5 |   name VARCHAR(255) NOT NULL PRIMARY KEY,
 6 |   value VARCHAR(255) NOT NULL
 7 | ) ENGINE=InnoDB;
 8 | 
 9 | INSERT INTO dbMetadata SET name = 'schema-patch-level', value = '1';
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-001-000.sql:
--------------------------------------------------------------------------------
1 | -- -- drop the dbMetadata table
2 | -- DROP TABLE dbMetadata;
3 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-001-002.sql:
--------------------------------------------------------------------------------
 1 | -- create all tables
 2 | 
 3 | CREATE TABLE IF NOT EXISTS accounts (
 4 |   uid BINARY(16) PRIMARY KEY,
 5 |   normalizedEmail VARCHAR(255) NOT NULL UNIQUE KEY,
 6 |   email VARCHAR(255) NOT NULL,
 7 |   emailCode BINARY(16) NOT NULL,
 8 |   emailVerified BOOLEAN NOT NULL DEFAULT FALSE,
 9 |   kA BINARY(32) NOT NULL,
10 |   wrapWrapKb BINARY(32) NOT NULL,
11 |   authSalt BINARY(32) NOT NULL,
12 |   verifyHash BINARY(32) NOT NULL,
13 |   verifierVersion TINYINT UNSIGNED NOT NULL,
14 |   verifierSetAt BIGINT UNSIGNED NOT NULL,
15 |   createdAt BIGINT UNSIGNED NOT NULL
16 | ) ENGINE=InnoDB;
17 | 
18 | CREATE TABLE IF NOT EXISTS sessionTokens (
19 |   tokenId BINARY(32) PRIMARY KEY,
20 |   tokenData BINARY(32) NOT NULL,
21 |   uid BINARY(16) NOT NULL,
22 |   createdAt BIGINT UNSIGNED NOT NULL,
23 |   INDEX session_uid (uid)
24 | ) ENGINE=InnoDB;
25 | 
26 | CREATE TABLE IF NOT EXISTS keyFetchTokens (
27 |   tokenId BINARY(32) PRIMARY KEY,
28 |   authKey BINARY(32) NOT NULL,
29 |   uid BINARY(16) NOT NULL,
30 |   keyBundle BINARY(96) NOT NULL,
31 |   createdAt BIGINT UNSIGNED NOT NULL,
32 |   INDEX key_uid (uid)
33 | ) ENGINE=InnoDB;
34 | 
35 | CREATE TABLE IF NOT EXISTS accountResetTokens (
36 |   tokenId BINARY(32) PRIMARY KEY,
37 |   tokenData BINARY(32) NOT NULL,
38 |   uid BINARY(16) NOT NULL UNIQUE KEY,
39 |   createdAt BIGINT UNSIGNED NOT NULL
40 | ) ENGINE=InnoDB;
41 | 
42 | CREATE TABLE IF NOT EXISTS passwordForgotTokens (
43 |   tokenId BINARY(32) PRIMARY KEY,
44 |   tokenData BINARY(32) NOT NULL,
45 |   uid BINARY(16) NOT NULL UNIQUE KEY,
46 |   passCode BINARY(16) NOT NULL,
47 |   createdAt BIGINT UNSIGNED NOT NULL,
48 |   tries SMALLINT UNSIGNED NOT NULL
49 | ) ENGINE=InnoDB;
50 | 
51 | CREATE TABLE IF NOT EXISTS passwordChangeTokens (
52 |   tokenId BINARY(32) PRIMARY KEY,
53 |   tokenData BINARY(32) NOT NULL,
54 |   uid BINARY(16) NOT NULL,
55 |   createdAt BIGINT UNSIGNED NOT NULL,
56 |   INDEX session_uid (uid)
57 | ) ENGINE=InnoDB;
58 | 
59 | UPDATE dbMetadata SET value = '2' WHERE name = 'schema-patch-level';
60 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-002-001.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop tables
 2 | 
 3 | -- DROP TABLE passwordChangeTokens;
 4 | -- DROP TABLE passwordForgotTokens;
 5 | -- DROP TABLE accountResetTokens;
 6 | -- DROP TABLE keyFetchTokens;
 7 | -- DROP TABLE sessionTokens;
 8 | -- DROP TABLE accounts;
 9 | 
10 | -- UPDATE dbMetadata SET value = '1' WHERE name = 'schema-patch-level';
11 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-002-003.sql:
--------------------------------------------------------------------------------
1 | -- add locale to accounts table
2 | 
3 | ALTER TABLE accounts ADD COLUMN locale VARCHAR(255);
4 | 
5 | UPDATE dbMetadata SET value = '3' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-003-002.sql:
--------------------------------------------------------------------------------
1 | -- -- drop locale column from accounts
2 | 
3 | -- ALTER TABLE accounts DROP COLUMN locale;
4 | 
5 | -- UPDATE dbMetadata SET value = '2' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-003-004.sql:
--------------------------------------------------------------------------------
 1 | INSERT INTO dbMetadata SET name = 'prune-last-ran', value = '0';
 2 | 
 3 | CREATE PROCEDURE `prune` (IN pruneBefore BIGINT UNSIGNED, IN now BIGINT UNSIGNED)
 4 | BEGIN
 5 |     -- try and obtain the prune lock
 6 |     SELECT @lockAcquired:=GET_LOCK('fxa-auth-server.prune-lock', 3);
 7 | 
 8 |     IF @lockAcquired THEN
 9 | 
10 |         SELECT @lastRan:=CONVERT(value, UNSIGNED) AS lastRan FROM dbMetadata WHERE `name` = 'prune-last-ran';
11 | 
12 |         IF @lastRan < pruneBefore THEN
13 | 
14 |             DELETE FROM accountResetTokens WHERE createdAt < pruneBefore;
15 |             DELETE FROM passwordForgotTokens WHERE createdAt < pruneBefore;
16 |             DELETE FROM passwordChangeTokens WHERE createdAt < pruneBefore;
17 | 
18 |             -- save the time this last ran at (ie. now)
19 |             UPDATE dbMetadata SET value = CONVERT(now, CHAR) WHERE `name` = 'prune-last-ran';
20 | 
21 |         END IF;
22 | 
23 |         -- release the lock
24 |         SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
25 | 
26 |     END IF;
27 | 
28 | END;
29 | 
30 | ALTER TABLE `accountResetTokens` ADD INDEX `createdAt` (`createdAt`);
31 | ALTER TABLE `passwordForgotTokens` ADD INDEX `createdAt` (`createdAt`);
32 | ALTER TABLE `passwordChangeTokens` ADD INDEX `createdAt` (`createdAt`);
33 | 
34 | UPDATE dbMetadata SET value = '4' WHERE name = 'schema-patch-level';
35 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-004-003.sql:
--------------------------------------------------------------------------------
 1 | -- -- remove these new indexes
 2 | -- ALTER TABLE `passwordChangeTokens` DROP INDEX `createdAt`;
 3 | -- ALTER TABLE `passwordForgotTokens` DROP INDEX `createdAt`;
 4 | -- ALTER TABLE `accountResetTokens` DROP INDEX `createdAt`;
 5 | 
 6 | -- DROP PROCEDURE `prune`;
 7 | 
 8 | -- -- no need for this 'prune-last-ran'
 9 | -- DELETE FROM dbMetadata WHERE name = 'prune-last-ran';
10 | 
11 | -- UPDATE dbMetadata SET value = '3' WHERE name = 'schema-patch-level';
12 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-005-004.sql:
--------------------------------------------------------------------------------
 1 | -- Drop all of the stored procedures we added.
 2 | 
 3 | -- dbMetadata
 4 | -- DROP PROCEDURE `dbMetadata_1`;
 5 | 
 6 | -- deletes
 7 | -- DROP PROCEDURE `resetAccount_1`;
 8 | -- DROP PROCEDURE `deletePasswordChangeToken_1`;
 9 | -- DROP PROCEDURE `deletePasswordForgotToken_1`;
10 | -- DROP PROCEDURE `deleteAccountResetToken_1`;
11 | -- DROP PROCEDURE `deleteKeyFetchToken_1`;
12 | -- DROP PROCEDURE `deleteSessionToken_1`;
13 | -- DROP PROCEDURE `deleteAccount_1`;
14 | 
15 | -- updates
16 | -- DROP PROCEDURE `updateLocale_1`;
17 | -- DROP PROCEDURE `forgotPasswordVerified_1`;
18 | -- DROP PROCEDURE `verifyEmail_1`;
19 | -- DROP PROCEDURE `updatePasswordForgotToken_1`;
20 | 
21 | -- selects
22 | -- DROP PROCEDURE `account_1`;
23 | -- DROP PROCEDURE `emailRecord_1`;
24 | -- DROP PROCEDURE `passwordChangeToken_1`;
25 | -- DROP PROCEDURE `passwordForgotToken_1`;
26 | -- DROP PROCEDURE `accountResetToken_1`;
27 | -- DROP PROCEDURE `keyFetchToken_1`;
28 | -- DROP PROCEDURE `sessionToken_1`;
29 | -- DROP PROCEDURE `accountDevices_1`;
30 | -- DROP PROCEDURE `accountExists_1`;
31 | 
32 | -- inserts
33 | -- DROP PROCEDURE `createPasswordChangeToken_1`;
34 | -- DROP PROCEDURE `createPasswordForgotToken_1`;
35 | -- DROP PROCEDURE `createAccountResetToken_1`;
36 | -- DROP PROCEDURE `createKeyFetchToken_1`;
37 | -- DROP PROCEDURE `createSessionToken_1`;
38 | -- DROP PROCEDURE `createAccount_1`;
39 | 
40 | -- UPDATE dbMetadata SET value = '4' WHERE name = 'schema-patch-level';
41 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-005-006.sql:
--------------------------------------------------------------------------------
1 | -- make sure passwordChangeTokens(uid) is unique
2 | -- ie. only one row for each accounts.uid
3 | ALTER TABLE passwordChangeTokens ADD UNIQUE INDEX `uid` (uid);
4 | 
5 | UPDATE dbMetadata SET value = '6' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-006-005.sql:
--------------------------------------------------------------------------------
1 | -- -- make sure passwordChangeTokens(uid) is unique
2 | -- -- ie. only one row for each accounts.uid
3 | -- ALTER TABLE passwordChangeTokens DROP INDEX `uid`;
4 | 
5 | -- UPDATE dbMetadata SET value = '5' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-007-006.sql:
--------------------------------------------------------------------------------
 1 | -- Drop all of the stored procedures we added.
 2 | 
 3 | -- deletes
 4 | -- DROP PROCEDURE `resetAccount_2`;
 5 | -- DROP PROCEDURE `deleteAccount_2`;
 6 | 
 7 | -- updates
 8 | -- DROP PROCEDURE `forgotPasswordVerified_2`;
 9 | -- DROP PROCEDURE `createPasswordChangeToken_2`;
10 | -- DROP PROCEDURE `createPasswordForgotToken_2`;
11 | -- DROP PROCEDURE `createAccountResetToken_2`;
12 | 
13 | -- UPDATE dbMetadata SET value = '6' WHERE name = 'schema-patch-level';
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-008-007.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop new stored procedures
 2 | -- DROP PROCEDURE `resetAccount_3`;
 3 | -- DROP PROCEDURE `deleteAccount_3`;
 4 | -- DROP PROCEDURE `forgotPasswordVerified_3`;
 5 | -- DROP PROCEDURE `account_2`;
 6 | -- DROP PROCEDURE `emailRecord_2`;
 7 | -- DROP PROCEDURE `unlockCode_1`;
 8 | -- DROP PROCEDURE `unlockAccount_1`;
 9 | -- DROP PROCEDURE `lockAccount_1`;
10 | 
11 | -- -- drop new table
12 | -- DROP TABLE accountUnlockCodes;
13 | 
14 | -- -- drop new column
15 | -- ALTER TABLE accounts DROP COLUMN lockedAt;
16 | 
17 | -- UPDATE dbMetadata SET value = '7' WHERE name = 'schema-patch-level';
18 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-009-008.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop new stored procedures
 2 | -- DROP PROCEDURE `ackPublishedEvents_1`;
 3 | -- DROP PROCEDURE `getUnpublishedEvents_1`;
 4 | -- DROP PROCEDURE `deleteAccount_4`;
 5 | -- DROP PROCEDURE `resetAccount_4`;
 6 | -- DROP PROCEDURE `verifyEmail_2`;
 7 | -- DROP PROCEDURE `createAccount_2`;
 8 | 
 9 | -- -- drop new tables
10 | -- DROP TABLE eventLogPublishState;
11 | -- DROP TABLE eventLog;
12 | 
13 | -- UPDATE dbMetadata SET value = '8' WHERE name = 'schema-patch-level';
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-009-010.sql:
--------------------------------------------------------------------------------
 1 | 
 2 | -- forgotPasswordVerified v4
 3 | CREATE PROCEDURE `forgotPasswordVerified_4` (
 4 |     IN `inPasswordForgotTokenId` BINARY(32),
 5 |     IN `inAccountResetTokenId` BINARY(32),
 6 |     IN `inTokenData` BINARY(32),
 7 |     IN `inUid` BINARY(16),
 8 |     IN `inCreatedAt` BIGINT UNSIGNED
 9 | )
10 | BEGIN
11 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
12 |     BEGIN
13 |         -- ERROR
14 |         ROLLBACK;
15 |         RESIGNAL;
16 |     END;
17 | 
18 |     START TRANSACTION;
19 | 
20 |     -- Since we only ever want one accountResetToken per uid, then we
21 |     -- do a replace - generally due to a collision on the unique uid field.
22 |     REPLACE INTO accountResetTokens(
23 |         tokenId,
24 |         tokenData,
25 |         uid,
26 |         createdAt
27 |     )
28 |     VALUES(
29 |         inAccountResetTokenId,
30 |         inTokenData,
31 |         inUid,
32 |         inCreatedAt
33 |     );
34 | 
35 |     DELETE FROM passwordForgotTokens WHERE tokenId = inPasswordForgotTokenId;
36 | 
37 |     DELETE FROM accountUnlockCodes WHERE uid = inUid;
38 | 
39 |     UPDATE accounts SET emailVerified = true, lockedAt = null WHERE uid = inUid;
40 | 
41 |     COMMIT;
42 | END;
43 | 
44 | -- lockAccount v2
45 | CREATE PROCEDURE `lockAccount_2` (
46 |     IN `inUid` BINARY(16),
47 |     IN `inUnlockCode` BINARY(16),
48 |     IN `inLockedAt` BIGINT UNSIGNED
49 | )
50 | BEGIN
51 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
52 |     BEGIN
53 |         -- ERROR
54 |         ROLLBACK;
55 |         RESIGNAL;
56 |     END;
57 | 
58 |     START TRANSACTION;
59 | 
60 |     -- Any old values for the account should be removed
61 |     -- before new values are inserted.
62 |     REPLACE INTO accountUnlockCodes (
63 |       uid,
64 |       unlockCode
65 |     )
66 |     VALUES(
67 |       inUid,
68 |       inUnlockCode
69 |     );
70 | 
71 |     UPDATE accounts SET lockedAt = inLockedAt WHERE uid = inUid;
72 | 
73 |     COMMIT;
74 | END;
75 | 
76 | -- unlockAccount v2
77 | CREATE PROCEDURE `unlockAccount_2` (
78 |     IN `inUid` BINARY(16)
79 | )
80 | BEGIN
81 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
82 |     BEGIN
83 |         -- ERROR
84 |         ROLLBACK;
85 |         RESIGNAL;
86 |     END;
87 | 
88 |     START TRANSACTION;
89 | 
90 |     DELETE FROM accountUnlockCodes WHERE uid = inUid;
91 |     UPDATE accounts SET lockedAt = null WHERE uid = inUid;
92 | 
93 |     COMMIT;
94 | END;
95 | 
96 | -- Schema patch-level increment.
97 | UPDATE dbMetadata SET value = '10' WHERE name = 'schema-patch-level';
98 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-010-009.sql:
--------------------------------------------------------------------------------
1 | -- -- drop the procedures we created
2 | -- DROP PROCEDURE `unlockAccount_2`;
3 | -- DROP PROCEDURE `lockAccount_2`;
4 | -- DROP PROCEDURE `forgotPasswordVerified_4`;
5 | 
6 | -- -- Schema patch-level increment.
7 | -- UPDATE dbMetadata SET value = '9' WHERE name = 'schema-patch-level';
8 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-010-011.sql:
--------------------------------------------------------------------------------
 1 | -- Add checkPassword stored procedure
 2 | 
 3 | CREATE PROCEDURE `checkPassword_1` (
 4 |     IN `inUid` BINARY(16),
 5 |     IN `inVerifyHash` BINARY(32)
 6 | )
 7 | BEGIN
 8 |     SELECT uid FROM accounts WHERE uid = inUid AND verifyHash = inVerifyHash;
 9 | END;
10 | 
11 | UPDATE dbMetadata SET value = '11' WHERE name = 'schema-patch-level';
12 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-011-010.sql:
--------------------------------------------------------------------------------
1 | -- -- drop the procedures we created
2 | -- DROP PROCEDURE `checkPassword_1`;
3 | 
4 | -- -- Schema patch-level decrement.
5 | -- UPDATE dbMetadata SET value = '10' WHERE name = 'schema-patch-level';


--------------------------------------------------------------------------------
/lib/db/schema/patch-011-012.sql:
--------------------------------------------------------------------------------
 1 | -- drop old stored procedures
 2 | 
 3 | DROP PROCEDURE `createAccount_1`;
 4 | 
 5 | DROP PROCEDURE `account_1`;
 6 | 
 7 | DROP PROCEDURE `emailRecord_1`;
 8 | 
 9 | DROP PROCEDURE `verifyEmail_1`;
10 | 
11 | DROP PROCEDURE `forgotPasswordVerified_1`;
12 | DROP PROCEDURE `forgotPasswordVerified_2`;
13 | DROP PROCEDURE `forgotPasswordVerified_3`;
14 | 
15 | DROP PROCEDURE `createAccountResetToken_1`;
16 | 
17 | DROP PROCEDURE `createPasswordChangeToken_1`;
18 | 
19 | DROP PROCEDURE `createPasswordForgotToken_1`;
20 | 
21 | DROP PROCEDURE `lockAccount_1`;
22 | DROP PROCEDURE `unlockAccount_1`;
23 | 
24 | DROP PROCEDURE `resetAccount_1`;
25 | DROP PROCEDURE `resetAccount_2`;
26 | DROP PROCEDURE `resetAccount_3`;
27 | 
28 | DROP PROCEDURE `deleteAccount_1`;
29 | DROP PROCEDURE `deleteAccount_2`;
30 | DROP PROCEDURE `deleteAccount_3`;
31 | 
32 | -- Schema patch-level increment.
33 | UPDATE dbMetadata SET value = '12' WHERE name = 'schema-patch-level';
34 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-012-013.sql:
--------------------------------------------------------------------------------
 1 | -- new passwordChangeToken
 2 | CREATE PROCEDURE `passwordChangeToken_2` (
 3 |     IN `inTokenId` BINARY(32)
 4 | )
 5 | BEGIN
 6 |     SELECT
 7 |         t.uid,
 8 |         t.tokenData,
 9 |         t.createdAt,
10 |         a.email,
11 |         a.verifierSetAt
12 |     FROM
13 |         passwordChangeTokens t,
14 |         accounts a
15 |     WHERE
16 |         t.tokenId = inTokenId
17 |     AND
18 |         t.uid = a.uid
19 |     ;
20 | END;
21 | 
22 | -- Schema patch-level increment.
23 | UPDATE dbMetadata SET value = '13' WHERE name = 'schema-patch-level';
24 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-013-012.sql:
--------------------------------------------------------------------------------
1 | -- -- drop the new passwordChangeToken
2 | -- DROP PROCEDURE `passwordChangeToken_2`;
3 | 
4 | -- -- Schema patch-level increment.
5 | -- UPDATE dbMetadata SET value = '12' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-013-014.sql:
--------------------------------------------------------------------------------
 1 | -- emailRecord v3
 2 | CREATE PROCEDURE `emailRecord_3` (
 3 |     IN `inEmail` VARCHAR(255)
 4 | )
 5 | BEGIN
 6 |     SELECT
 7 |         a.uid,
 8 |         a.email,
 9 |         a.normalizedEmail,
10 |         a.emailVerified,
11 |         a.emailCode,
12 |         a.kA,
13 |         a.wrapWrapKb,
14 |         a.verifierVersion,
15 |         a.authSalt,
16 |         a.verifierSetAt,
17 |         a.lockedAt
18 |     FROM
19 |         accounts a
20 |     WHERE
21 |         a.normalizedEmail = LOWER(inEmail)
22 |     ;
23 | END;
24 | 
25 | -- account v3
26 | CREATE PROCEDURE `account_3` (
27 |     IN `inUid` BINARY(16)
28 | )
29 | BEGIN
30 |     SELECT
31 |         a.uid,
32 |         a.email,
33 |         a.normalizedEmail,
34 |         a.emailVerified,
35 |         a.emailCode,
36 |         a.kA,
37 |         a.wrapWrapKb,
38 |         a.verifierVersion,
39 |         a.authSalt,
40 |         a.verifierSetAt,
41 |         a.createdAt,
42 |         a.locale,
43 |         a.lockedAt
44 |     FROM
45 |         accounts a
46 |     WHERE
47 |         a.uid = LOWER(inUid)
48 |     ;
49 | END;
50 | 
51 | UPDATE dbMetadata SET value = '14' WHERE name = 'schema-patch-level';
52 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-014-013.sql:
--------------------------------------------------------------------------------
1 | -- -- drop the procedures we created
2 | -- DROP PROCEDURE `account_3`;
3 | -- DROP PROCEDURE `emailRecord_3`;
4 | 
5 | -- -- Schema patch-level decrement.
6 | -- UPDATE dbMetadata SET value = '13' WHERE name = 'schema-patch-level';
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-014-015.sql:
--------------------------------------------------------------------------------
  1 | -- Add uaBrowser, uaBrowserVersion, uaOS, uaOSVersion, uaDeviceType
  2 | -- and lastAccessTime fields to sessionTokens table
  3 | 
  4 | ALTER TABLE sessionTokens ADD COLUMN uaBrowser VARCHAR(255);
  5 | ALTER TABLE sessionTokens ADD COLUMN uaBrowserVersion VARCHAR(255);
  6 | ALTER TABLE sessionTokens ADD COLUMN uaOS VARCHAR(255);
  7 | ALTER TABLE sessionTokens ADD COLUMN uaOSVersion VARCHAR(255);
  8 | ALTER TABLE sessionTokens ADD COLUMN uaDeviceType VARCHAR(255);
  9 | ALTER TABLE sessionTokens ADD COLUMN lastAccessTime BIGINT UNSIGNED NOT NULL DEFAULT 0;
 10 | 
 11 | CREATE PROCEDURE `createSessionToken_2` (
 12 |     IN tokenId BINARY(32),
 13 |     IN tokenData BINARY(32),
 14 |     IN uid BINARY(16),
 15 |     IN createdAt BIGINT UNSIGNED,
 16 |     IN uaBrowser VARCHAR(255),
 17 |     IN uaBrowserVersion VARCHAR(255),
 18 |     IN uaOS VARCHAR(255),
 19 |     IN uaOSVersion VARCHAR(255),
 20 |     IN uaDeviceType VARCHAR(255)
 21 | )
 22 | BEGIN
 23 |     INSERT INTO sessionTokens(
 24 |         tokenId,
 25 |         tokenData,
 26 |         uid,
 27 |         createdAt,
 28 |         uaBrowser,
 29 |         uaBrowserVersion,
 30 |         uaOS,
 31 |         uaOSVersion,
 32 |         uaDeviceType,
 33 |         lastAccessTime
 34 |     )
 35 |     VALUES(
 36 |         tokenId,
 37 |         tokenData,
 38 |         uid,
 39 |         createdAt,
 40 |         uaBrowser,
 41 |         uaBrowserVersion,
 42 |         uaOS,
 43 |         uaOSVersion,
 44 |         uaDeviceType,
 45 |         createdAt
 46 |     );
 47 | END;
 48 | 
 49 | CREATE PROCEDURE `sessionToken_2` (
 50 |     IN `inTokenId` BINARY(32)
 51 | )
 52 | BEGIN
 53 |     SELECT
 54 |         t.tokenData,
 55 |         t.uid,
 56 |         t.createdAt,
 57 |         t.uaBrowser,
 58 |         t.uaBrowserVersion,
 59 |         t.uaOS,
 60 |         t.uaOSVersion,
 61 |         t.uaDeviceType,
 62 |         t.lastAccessTime,
 63 |         a.emailVerified,
 64 |         a.email,
 65 |         a.emailCode,
 66 |         a.verifierSetAt,
 67 |         a.locale
 68 |     FROM
 69 |         sessionTokens t,
 70 |         accounts a
 71 |     WHERE
 72 |         t.tokenId = inTokenId
 73 |     AND
 74 |         t.uid = a.uid
 75 |     ;
 76 | END;
 77 | 
 78 | CREATE PROCEDURE `updateSessionToken_1` (
 79 |     IN uaBrowserArg VARCHAR(255),
 80 |     IN uaBrowserVersionArg VARCHAR(255),
 81 |     IN uaOSArg VARCHAR(255),
 82 |     IN uaOSVersionArg VARCHAR(255),
 83 |     IN uaDeviceTypeArg VARCHAR(255),
 84 |     IN lastAccessTimeArg BIGINT UNSIGNED,
 85 |     IN tokenIdArg BINARY(32)
 86 | )
 87 | BEGIN
 88 |     UPDATE sessionTokens
 89 |         SET uaBrowser = uaBrowserArg,
 90 |             uaBrowserVersion = uaBrowserVersionArg,
 91 |             uaOS = uaOSArg,
 92 |             uaOSVersion = uaOSVersionArg,
 93 |             uaDeviceType = uaDeviceTypeArg,
 94 |             lastAccessTime = lastAccessTimeArg
 95 |         WHERE tokenId = tokenIdArg;
 96 | END;
 97 | 
 98 | UPDATE dbMetadata SET value = '15' WHERE name = 'schema-patch-level';
 99 | 
100 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-015-014.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop new stored procedures
 2 | -- DROP PROCEDURE `createSessionToken_2`;
 3 | -- DROP PROCEDURE `sessionToken_2`;
 4 | -- DROP PROCEDURE `updateSessionToken_1`;
 5 | 
 6 | -- -- drop new columns
 7 | -- ALTER TABLE sessionTokens DROP COLUMN uaBrowser;
 8 | -- ALTER TABLE sessionTokens DROP COLUMN uaBrowserVersion;
 9 | -- ALTER TABLE sessionTokens DROP COLUMN uaOS;
10 | -- ALTER TABLE sessionTokens DROP COLUMN uaOSVersion;
11 | -- ALTER TABLE sessionTokens DROP COLUMN uaDeviceType;
12 | -- ALTER TABLE sessionTokens DROP COLUMN lastAccessTime;
13 | 
14 | -- -- Schema patch-level decrement.
15 | -- UPDATE dbMetadata SET value = '14' WHERE name = 'schema-patch-level';
16 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-016-015.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `createAccount_3`;
2 | -- DROP PROCEDURE `openIdRecord_1`;
3 | -- DROP PROCEDURE `deleteAccount_5`;
4 | 
5 | -- DROP TABLE `openids`;
6 | 
7 | -- UPDATE dbMetadata SET value = '15' WHERE name = 'schema-patch-level';
8 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-016-017.sql:
--------------------------------------------------------------------------------
 1 | -- new sessions stored procedure
 2 | CREATE PROCEDURE `sessions_1` (
 3 |     IN `uidArg` BINARY(16)
 4 | )
 5 | BEGIN
 6 |     SELECT
 7 |         tokenId,
 8 |         uid,
 9 |         createdAt,
10 |         uaBrowser,
11 |         uaBrowserVersion,
12 |         uaOS,
13 |         uaOSVersion,
14 |         uaDeviceType,
15 |         lastAccessTime
16 |     FROM sessionTokens
17 |     WHERE uid = uidArg;
18 | END;
19 | 
20 | -- Schema patch-level increment.
21 | UPDATE dbMetadata SET value = '17' WHERE name = 'schema-patch-level';
22 | 
23 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-017-016.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `sessions_1`;
2 | 
3 | -- UPDATE dbMetadata SET value = '16' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-017-018.sql:
--------------------------------------------------------------------------------
 1 | -- return accountCreatedAt from the sessionToken stored procedure
 2 | 
 3 | CREATE PROCEDURE `sessionToken_3` (
 4 |     IN `inTokenId` BINARY(32)
 5 | )
 6 | BEGIN
 7 |     SELECT
 8 |         t.tokenData,
 9 |         t.uid,
10 |         t.createdAt,
11 |         t.uaBrowser,
12 |         t.uaBrowserVersion,
13 |         t.uaOS,
14 |         t.uaOSVersion,
15 |         t.uaDeviceType,
16 |         t.lastAccessTime,
17 |         a.emailVerified,
18 |         a.email,
19 |         a.emailCode,
20 |         a.verifierSetAt,
21 |         a.locale,
22 |         a.createdAt AS accountCreatedAt
23 |     FROM
24 |         sessionTokens t,
25 |         accounts a
26 |     WHERE
27 |         t.tokenId = inTokenId
28 |     AND
29 |         t.uid = a.uid
30 |     ;
31 | END;
32 | 
33 | -- Schema patch-level increment.
34 | UPDATE dbMetadata SET value = '18' WHERE name = 'schema-patch-level';
35 | 
36 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-018-017.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `sessionToken_3`;
2 | 
3 | -- UPDATE dbMetadata SET value = '17' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-018-019.sql:
--------------------------------------------------------------------------------
  1 | 
  2 | CREATE TABLE devices (
  3 |   uid BINARY(16) NOT NULL,
  4 |   id BINARY(16) NOT NULL,
  5 |   sessionTokenId BINARY(32),
  6 |   name VARCHAR(255),
  7 |   type VARCHAR(16),
  8 |   createdAt BIGINT UNSIGNED,
  9 |   callbackURL VARCHAR(255),
 10 |   PRIMARY KEY (uid, id)
 11 | ) ENGINE=InnoDB;
 12 | 
 13 | 
 14 | CREATE PROCEDURE `upsertDevice_1` (
 15 |     IN `inUid` BINARY(16),
 16 |     IN `inId` BINARY(16),
 17 |     IN `inSessionTokenId` BINARY(32),
 18 |     IN `inName` VARCHAR(255),
 19 |     IN `inType` VARCHAR(16),
 20 |     IN `inCreatedAt` BIGINT UNSIGNED,
 21 |     IN `inCallbackURL` VARCHAR(255)
 22 | )
 23 | BEGIN
 24 |   INSERT INTO devices(
 25 |     uid,
 26 |     id,
 27 |     sessionTokenId,
 28 |     name,
 29 |     type,
 30 |     createdAt,
 31 |     callbackURL
 32 |   )
 33 |   VALUES (
 34 |     inUid,
 35 |     inId,
 36 |     inSessionTokenId,
 37 |     inName,
 38 |     inType,
 39 |     inCreatedAt,
 40 |     inCallbackURL
 41 |   )
 42 |   ON DUPLICATE KEY UPDATE
 43 |     sessionTokenId = COALESCE(inSessionTokenId, sessionTokenId),
 44 |     name = COALESCE(inName, name),
 45 |     type = COALESCE(inType, type),
 46 |     callbackURL = COALESCE(inCallbackURL, callbackURL);
 47 | END;
 48 | 
 49 | CREATE PROCEDURE `deleteDevice_1` (
 50 |     IN `inUid` BINARY(16),
 51 |     IN `inId` BINARY(16)
 52 | )
 53 | BEGIN
 54 |   DELETE
 55 |     devices, sessionTokens
 56 |   FROM
 57 |     devices LEFT JOIN sessionTokens
 58 |   ON
 59 |     devices.sessionTokenId = sessionTokens.tokenId
 60 |   WHERE
 61 |     devices.uid = inUid
 62 |   AND
 63 |     devices.id = inId;
 64 | END;
 65 | 
 66 | CREATE PROCEDURE `accountDevices_2` (
 67 |   IN `inUid` BINARY(16)
 68 | )
 69 | BEGIN
 70 |   SELECT
 71 |     d.uid,
 72 |     d.id,
 73 |     d.sessionTokenId,
 74 |     d.name,
 75 |     d.type,
 76 |     d.createdAt,
 77 |     d.callbackURL,
 78 |     s.uaBrowser,
 79 |     s.uaBrowserVersion,
 80 |     s.uaOS,
 81 |     s.uaOSVersion,
 82 |     s.uaDeviceType,
 83 |     s.lastAccessTime
 84 |   FROM
 85 |     devices d LEFT JOIN sessionTokens s
 86 |   ON
 87 |     d.sessionTokenId = s.tokenId
 88 |   WHERE
 89 |     d.uid = inUid;
 90 | END;
 91 | 
 92 | CREATE PROCEDURE `deleteAccount_6` (
 93 |     IN `inUid` BINARY(16)
 94 | )
 95 | BEGIN
 96 | 
 97 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
 98 |     BEGIN
 99 |         ROLLBACK;
100 |         RESIGNAL;
101 |     END;
102 | 
103 |     START TRANSACTION;
104 | 
105 |     DELETE FROM sessionTokens WHERE uid = inUid;
106 |     DELETE FROM keyFetchTokens WHERE uid = inUid;
107 |     DELETE FROM accountResetTokens WHERE uid = inUid;
108 |     DELETE FROM passwordChangeTokens WHERE uid = inUid;
109 |     DELETE FROM passwordForgotTokens WHERE uid = inUid;
110 |     DELETE FROM accountUnlockCodes WHERE uid = inUid;
111 |     DELETE FROM accounts WHERE uid = inUid;
112 |     DELETE FROM openids WHERE uid = inUid;
113 |     DELETE FROM devices WHERE uid = inUid;
114 | 
115 |     INSERT INTO eventLog(
116 |         uid,
117 |         typ,
118 |         iat
119 |     )
120 |     VALUES(
121 |         inUid,
122 |         "delete",
123 |         UNIX_TIMESTAMP()
124 |     );
125 | 
126 |     COMMIT;
127 | 
128 | END;
129 | 
130 | -- Schema patch-level increment.
131 | UPDATE dbMetadata SET value = '19' WHERE name = 'schema-patch-level';
132 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-019-018.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `upsertDevice_1`;
2 | -- DROP PROCEDURE `deleteDevice_1`;
3 | -- DROP PROCEDURE `accountDevices_2`;
4 | -- DROP PROCEDURE `deleteAccount_6`;
5 | 
6 | -- DROP TABLE `devices`;
7 | 
8 | -- UPDATE dbMetadata SET value = '18' WHERE name = 'schema-patch-level';
9 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-019-020.sql:
--------------------------------------------------------------------------------
 1 | -- This migration:
 2 | --
 3 | -- * Adds a column, devices.callbackPublicKey
 4 | -- * Updates the accountDevices stored procedure with the new column
 5 | -- * Adds a unique constraint on devices.uid, devices.sessionTokenId
 6 | -- * Adds two stored procedures, createDevice and updateDevice
 7 | 
 8 | ALTER TABLE devices
 9 | ADD COLUMN callbackPublicKey BINARY(32),
10 | ADD CONSTRAINT UQ_devices_sessionTokenId UNIQUE (uid, sessionTokenId);
11 | 
12 | CREATE PROCEDURE `accountDevices_3` (
13 |   IN `inUid` BINARY(16)
14 | )
15 | BEGIN
16 |   SELECT
17 |     d.uid,
18 |     d.id,
19 |     d.sessionTokenId,
20 |     d.name,
21 |     d.type,
22 |     d.createdAt,
23 |     d.callbackURL,
24 |     d.callbackPublicKey,
25 |     s.uaBrowser,
26 |     s.uaBrowserVersion,
27 |     s.uaOS,
28 |     s.uaOSVersion,
29 |     s.uaDeviceType,
30 |     s.lastAccessTime
31 |   FROM
32 |     devices d LEFT JOIN sessionTokens s
33 |   ON
34 |     d.sessionTokenId = s.tokenId
35 |   WHERE
36 |     d.uid = inUid;
37 | END;
38 | 
39 | CREATE PROCEDURE `createDevice_1` (
40 |   IN `inUid` BINARY(16),
41 |   IN `inId` BINARY(16),
42 |   IN `inSessionTokenId` BINARY(32),
43 |   IN `inName` VARCHAR(255),
44 |   IN `inType` VARCHAR(16),
45 |   IN `inCreatedAt` BIGINT UNSIGNED,
46 |   IN `inCallbackURL` VARCHAR(255),
47 |   IN `inCallbackPublicKey` BINARY(32)
48 | )
49 | BEGIN
50 |   INSERT INTO devices(
51 |     uid,
52 |     id,
53 |     sessionTokenId,
54 |     name,
55 |     type,
56 |     createdAt,
57 |     callbackURL,
58 |     callbackPublicKey
59 |   )
60 |   VALUES (
61 |     inUid,
62 |     inId,
63 |     inSessionTokenId,
64 |     inName,
65 |     inType,
66 |     inCreatedAt,
67 |     inCallbackURL,
68 |     inCallbackPublicKey
69 |   );
70 | END;
71 | 
72 | CREATE PROCEDURE `updateDevice_1` (
73 |   IN `inUid` BINARY(16),
74 |   IN `inId` BINARY(16),
75 |   IN `inSessionTokenId` BINARY(32),
76 |   IN `inName` VARCHAR(255),
77 |   IN `inType` VARCHAR(16),
78 |   IN `inCallbackURL` VARCHAR(255),
79 |   IN `inCallbackPublicKey` BINARY(32)
80 | )
81 | BEGIN
82 |   UPDATE devices
83 |   SET sessionTokenId = COALESCE(inSessionTokenId, sessionTokenId),
84 |     name = COALESCE(inName, name),
85 |     type = COALESCE(inType, type),
86 |     callbackURL = COALESCE(inCallbackURL, callbackURL),
87 |     callbackPublicKey = COALESCE(inCallbackPublicKey, callbackPublicKey)
88 |   WHERE uid = inUid AND id = inId;
89 | END;
90 | 
91 | UPDATE dbMetadata SET value = '20' WHERE name = 'schema-patch-level';
92 | 
93 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-020-019.sql:
--------------------------------------------------------------------------------
 1 | -- -- Drop new column and new constraint
 2 | -- ALTER TABLE devices
 3 | -- DROP COLUMN callbackPublicKey,
 4 | -- DROP INDEX UQ_devices_sessionTokenId;
 5 | 
 6 | -- -- Drop new stored procedures
 7 | -- DROP PROCEDURE `accountDevices_3`;
 8 | -- DROP PROCEDURE `createDevice_1`;
 9 | -- DROP PROCEDURE `updateDevice_1`;
10 | 
11 | -- -- Decrement the schema version
12 | -- UPDATE dbMetadata SET value = '19' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-020-021.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `sessionWithDevice_1` (
 2 |   IN `inTokenId` BINARY(32)
 3 | )
 4 | BEGIN
 5 |   SELECT
 6 |     t.tokenData,
 7 |     t.uid,
 8 |     t.createdAt,
 9 |     t.uaBrowser,
10 |     t.uaBrowserVersion,
11 |     t.uaOS,
12 |     t.uaOSVersion,
13 |     t.uaDeviceType,
14 |     t.lastAccessTime,
15 |     a.emailVerified,
16 |     a.email,
17 |     a.emailCode,
18 |     a.verifierSetAt,
19 |     a.locale,
20 |     a.createdAt AS accountCreatedAt,
21 |     d.id AS deviceId,
22 |     d.name AS deviceName,
23 |     d.type AS deviceType,
24 |     d.createdAt AS deviceCreatedAt,
25 |     d.callbackURL AS deviceCallbackURL,
26 |     d.callbackPublicKey AS deviceCallbackPublicKey
27 |   FROM
28 |     sessionTokens t
29 |     LEFT JOIN accounts a ON t.uid = a.uid
30 |     LEFT JOIN devices d ON (t.tokenId = d.sessionTokenId AND t.uid = d.uid)
31 |   WHERE
32 |     t.tokenId = inTokenId;
33 | END;
34 | 
35 | UPDATE dbMetadata SET value = '21' WHERE name = 'schema-patch-level';
36 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-021-020.sql:
--------------------------------------------------------------------------------
1 | -- -- Drop new stored procedures
2 | -- DROP PROCEDURE `sessionWithDevice_1`;
3 | 
4 | -- -- Decrement the schema version
5 | -- UPDATE dbMetadata SET value = '20' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-021-022.sql:
--------------------------------------------------------------------------------
 1 | -- Previous versions of the resetAccount stored procedure
 2 | -- do not expunge devices. This one does.
 3 | CREATE PROCEDURE `resetAccount_5` (
 4 |     IN `inUid` BINARY(16),
 5 |     IN `inVerifyHash` BINARY(32),
 6 |     IN `inAuthSalt` BINARY(32),
 7 |     IN `inWrapWrapKb` BINARY(32),
 8 |     IN `inVerifierSetAt` BIGINT UNSIGNED,
 9 |     IN `inVerifierVersion` TINYINT UNSIGNED
10 | )
11 | BEGIN
12 | 
13 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
14 |     BEGIN
15 |         ROLLBACK;
16 |         RESIGNAL;
17 |     END;
18 | 
19 |     START TRANSACTION;
20 | 
21 |     DELETE FROM sessionTokens WHERE uid = inUid;
22 |     DELETE FROM keyFetchTokens WHERE uid = inUid;
23 |     DELETE FROM accountResetTokens WHERE uid = inUid;
24 |     DELETE FROM passwordChangeTokens WHERE uid = inUid;
25 |     DELETE FROM passwordForgotTokens WHERE uid = inUid;
26 |     DELETE FROM accountUnlockCodes WHERE uid = inUid;
27 |     DELETE FROM devices WHERE uid = inUid;
28 | 
29 |     UPDATE
30 |         accounts
31 |     SET
32 |         verifyHash = inVerifyHash,
33 |         authSalt = inAuthSalt,
34 |         wrapWrapKb = inWrapWrapKb,
35 |         verifierSetAt = inVerifierSetAt,
36 |         verifierVersion = inVerifierVersion
37 |     WHERE
38 |         uid = inUid
39 |     ;
40 | 
41 |     INSERT INTO eventLog(
42 |         uid,
43 |         typ,
44 |         iat
45 |     )
46 |     VALUES(
47 |         inUid,
48 |         "reset",
49 |         UNIX_TIMESTAMP()
50 |     );
51 | 
52 |     COMMIT;
53 | END;
54 | 
55 | 
56 | -- Schema patch-level increment.
57 | UPDATE dbMetadata SET value = '22' WHERE name = 'schema-patch-level';
58 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-022-021.sql:
--------------------------------------------------------------------------------
1 | -- -- Drop new stored procedures
2 | -- DROP PROCEDURE `resetAccount_5`;
3 | 
4 | -- -- Decrement the schema version
5 | -- UPDATE dbMetadata SET value = '21' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-023-022.sql:
--------------------------------------------------------------------------------
 1 | -- -- Drop new column and restore callbackPublicKey column type
 2 | -- ALTER TABLE devices
 3 | -- DROP COLUMN callbackAuthKey,
 4 | -- MODIFY COLUMN callbackPublicKey BINARY(32);
 5 | 
 6 | -- -- Drop new stored procedures
 7 | -- DROP PROCEDURE `accountDevices_4`;
 8 | -- DROP PROCEDURE `createDevice_2`;
 9 | -- DROP PROCEDURE `updateDevice_2`;
10 | -- DROP PROCEDURE `sessionWithDevice_2`;
11 | 
12 | -- -- Decrement the schema version
13 | -- UPDATE dbMetadata SET value = '22' WHERE name = 'schema-patch-level';
14 | 
15 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-024-023.sql:
--------------------------------------------------------------------------------
 1 | -- DROP PROCEDURE `verifyToken_1`;
 2 | -- DROP PROCEDURE `sessionWithDevice_3`;
 3 | -- DROP PROCEDURE `sessionTokenWithVerificationStatus_1`;
 4 | -- DROP PROCEDURE `resetAccount_6`;
 5 | -- DROP PROCEDURE `deleteAccount_7`;
 6 | -- DROP PROCEDURE `deleteDevice_2`;
 7 | -- DROP PROCEDURE `deleteSessionToken_2`;
 8 | -- DROP PROCEDURE `createSessionToken_3`;
 9 | 
10 | -- DROP TABLE `unverifiedTokens`;
11 | 
12 | -- UPDATE dbMetadata SET value = '23' WHERE name = 'schema-patch-level';
13 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-024-025.sql:
--------------------------------------------------------------------------------
 1 | -- Update createKeyFetchToken stored procedure to
 2 | -- insert into unverifiedTokens.
 3 | CREATE PROCEDURE `createKeyFetchToken_2` (
 4 |   IN `tokenId` BINARY(32),
 5 |   IN `authKey` BINARY(32),
 6 |   IN `uid` BINARY(16),
 7 |   IN `keyBundle` BINARY(96),
 8 |   IN `createdAt` BIGINT UNSIGNED,
 9 |   IN `tokenVerificationId` BINARY(16)
10 | )
11 | BEGIN
12 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
13 |   BEGIN
14 |     ROLLBACK;
15 |     RESIGNAL;
16 |   END;
17 | 
18 |   START TRANSACTION;
19 | 
20 |   INSERT INTO keyFetchTokens(
21 |     tokenId,
22 |     authKey,
23 |     uid,
24 |     keyBundle,
25 |     createdAt
26 |   )
27 |   VALUES(
28 |     tokenId,
29 |     authKey,
30 |     uid,
31 |     keyBundle,
32 |     createdAt
33 |   );
34 | 
35 |   IF tokenVerificationId IS NOT NULL THEN
36 |     INSERT INTO unverifiedTokens(
37 |       tokenId,
38 |       tokenVerificationId,
39 |       uid
40 |     )
41 |     VALUES(
42 |       tokenId,
43 |       tokenVerificationId,
44 |       uid
45 |     );
46 |   END IF;
47 | 
48 |   COMMIT;
49 | END;
50 | 
51 | -- Update deleteKeyFetchToken stored procedure to
52 | -- delete from unverifiedTokens.
53 | CREATE PROCEDURE `deleteKeyFetchToken_2` (
54 |   IN `tokenIdArg` BINARY(32)
55 | )
56 | BEGIN
57 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
58 |   BEGIN
59 |     ROLLBACK;
60 |     RESIGNAL;
61 |   END;
62 | 
63 |   START TRANSACTION;
64 | 
65 |   DELETE FROM keyFetchTokens WHERE tokenId = tokenIdArg;
66 |   DELETE FROM unverifiedTokens WHERE tokenId = tokenIdArg;
67 | 
68 |   COMMIT;
69 | END;
70 | 
71 | -- Add stored procedure for fetching keyFetchToken
72 | -- with its verification status.
73 | CREATE PROCEDURE `keyFetchTokenWithVerificationStatus_1` (
74 |   IN `tokenIdArg` BINARY(32)
75 | )
76 | BEGIN
77 |   SELECT
78 |     t.authKey,
79 |     t.uid,
80 |     t.keyBundle,
81 |     t.createdAt,
82 |     a.emailVerified,
83 |     a.verifierSetAt,
84 |     ut.tokenVerificationId
85 |   FROM keyFetchTokens AS t
86 |   LEFT JOIN accounts AS a
87 |     ON t.uid = a.uid
88 |   LEFT JOIN unverifiedTokens AS ut
89 |     ON t.tokenId = ut.tokenId
90 |   WHERE t.tokenId = tokenIdArg;
91 | END;
92 | 
93 | UPDATE dbMetadata SET value = '25' WHERE name = 'schema-patch-level';
94 | 
95 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-025-024.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `keyFetchTokenWithVerificationStatus_1`;
2 | -- DROP PROCEDURE `deleteKeyFetchToken_2`;
3 | -- DROP PROCEDURE `createKeyFetchToken_2`;
4 | 
5 | -- UPDATE dbMetadata SET value = '24' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-025-026.sql:
--------------------------------------------------------------------------------
  1 | CREATE TABLE IF NOT EXISTS verificationReminders (
  2 |   id BINARY(32) PRIMARY KEY,
  3 |   uid BINARY(16) NOT NULL,
  4 |   type VARCHAR(255) NOT NULL,
  5 |   createdAt BIGINT SIGNED NOT NULL,
  6 |   INDEX reminder_createdAt (createdAt)
  7 | ) ENGINE=InnoDB;
  8 | 
  9 | CREATE PROCEDURE `createVerificationReminder_1` (
 10 |     IN id BINARY(32),
 11 |     IN uid BINARY(16),
 12 |     IN type VARCHAR(255),
 13 |     IN createdAt BIGINT SIGNED
 14 | )
 15 | BEGIN
 16 |     INSERT INTO verificationReminders(
 17 |         id,
 18 |         uid,
 19 |         type,
 20 |         createdAt
 21 |     )
 22 |     VALUES(
 23 |         id,
 24 |         uid,
 25 |         type,
 26 |         createdAt
 27 |     );
 28 | END;
 29 | 
 30 | CREATE PROCEDURE `fetchVerificationReminders_1` (
 31 |     IN reminderType VARCHAR(255),
 32 |     IN reminderTime BIGINT SIGNED,
 33 |     IN reminderTimeOutdated BIGINT SIGNED,
 34 |     IN reminderLimit INTEGER
 35 | )
 36 | BEGIN
 37 |     -- Find reminders based on the reminderTime range, delete them and return them.
 38 | 
 39 |     -- Based on "Chapter 23: Best Practices in MySQL Stored Program Development"
 40 |     /*
 41 |       SQL-07: Use SELECT FOR UPDATE when retrieving rows for later update
 42 | 
 43 |       Use the SELECT FOR UPDATE statement to request that locks be placed on all rows
 44 |       identified by the query. You should do this whenever you expect to change some or
 45 |       all of those rows, and you don’t want another session to change them out from under
 46 |       you. Any other session trying to update the rows, or lock the rows
 47 |       (perhaps using FOR UPDATE), will have to wait.
 48 |     */
 49 | 
 50 |     DECLARE v_uid BINARY(16);
 51 |     DECLARE v_type VARCHAR(255);
 52 |     DECLARE v_last_reminder INT DEFAULT 0;
 53 | 
 54 |     -- Declare the cursor using a SELECT query. This will lock the rows that it is selecting.
 55 |     DECLARE reminder_csr CURSOR FOR
 56 |     SELECT
 57 |         uid,
 58 |         type
 59 |     FROM verificationReminders
 60 |     WHERE
 61 |       (ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000) - createdAt) > reminderTime
 62 |     AND
 63 |       (ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000) - createdAt) < reminderTimeOutdated
 64 |     AND
 65 |       type = reminderType
 66 |     LIMIT reminderLimit
 67 |     FOR UPDATE;
 68 | 
 69 |     -- Avoid infinite loop in the cursor
 70 |     DECLARE CONTINUE HANDLER FOR NOT FOUND SET v_last_reminder=1;
 71 | 
 72 |     -- Create a temp store for the cursor result
 73 |     DROP TEMPORARY TABLE IF EXISTS reminderResults;
 74 |     CREATE TEMPORARY TABLE IF NOT EXISTS reminderResults (
 75 |       uid BINARY(16),
 76 |       type VARCHAR(255)
 77 |     );
 78 | 
 79 |     START TRANSACTION;
 80 |       OPEN reminder_csr;
 81 |       reminder_loop:LOOP
 82 |       FETCH reminder_csr INTO v_uid, v_type;
 83 |       IF  v_last_reminder THEN
 84 |         LEAVE reminder_loop;
 85 |       END IF;
 86 |       INSERT INTO reminderResults VALUES (v_uid, v_type);
 87 |       CALL deleteVerificationReminder_1(v_uid, v_type);
 88 |       END LOOP reminder_loop;
 89 |       CLOSE reminder_csr;
 90 |       SET v_last_reminder=0;
 91 | 
 92 |     -- Clean up outdated reminders.
 93 |     DELETE FROM
 94 |       verificationReminders
 95 |     WHERE
 96 |       (ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000) - createdAt) > reminderTimeOutdated
 97 |     AND
 98 |       type = reminderType;
 99 | 
100 |     -- Return the result
101 |     SELECT * FROM reminderResults;
102 |     COMMIT;
103 | 
104 | END;
105 | 
106 | CREATE PROCEDURE `deleteVerificationReminder_1` (
107 |     IN reminderUid BINARY(16),
108 |     IN reminderType VARCHAR(255)
109 | )
110 | BEGIN
111 |     DELETE FROM verificationReminders WHERE uid = reminderUid AND type = reminderType;
112 | END;
113 | 
114 | UPDATE dbMetadata SET value = '26' WHERE name = 'schema-patch-level';
115 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-026-025.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop tables
 2 | 
 3 | -- DROP PROCEDURE `createVerificationReminder_1`;
 4 | -- DROP PROCEDURE `fetchVerificationReminders_1`;
 5 | -- DROP PROCEDURE `deleteVerificationReminder_1`;
 6 | 
 7 | -- DROP TABLE verificationReminders;
 8 | 
 9 | -- UPDATE dbMetadata SET value = '25' WHERE name = 'schema-patch-level';
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-026-027.sql:
--------------------------------------------------------------------------------
1 | -- Drop unused createAccountResetToken stored procedure.
2 | DROP PROCEDURE `createAccountResetToken_2`;
3 | 
4 | -- Schema patch-level increment.
5 | UPDATE dbMetadata SET value = '27' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-027-026.sql:
--------------------------------------------------------------------------------
 1 | -- -- Reinstate dropped createAccountResetToken stored procedure
 2 | 
 3 | --CREATE PROCEDURE `createAccountResetToken_2` (
 4 | --    IN tokenId BINARY(32),
 5 | --    IN tokenData BINARY(32),
 6 | --    IN uid BINARY(16),
 7 | --    IN createdAt BIGINT UNSIGNED
 8 | --)
 9 | --BEGIN
10 | --    -- Since we only ever want one accountResetToken per uid, then we
11 | --    -- do a replace - generally due to a collision on the unique uid field.
12 | --    REPLACE INTO accountResetTokens(
13 | --        tokenId,
14 | --        tokenData,
15 | --        uid,
16 | --        createdAt
17 | --    )
18 | --    VALUES(
19 | --        tokenId,
20 | --        tokenData,
21 | --        uid,
22 | --        createdAt
23 | --    );
24 | --END;
25 | 
26 | --UPDATE dbMetadata SET value = '26' WHERE name = 'schema-patch-level';
27 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-027-028.sql:
--------------------------------------------------------------------------------
  1 | DROP PROCEDURE `openIdRecord_1`;
  2 | DROP PROCEDURE `createAccount_3`;
  3 | 
  4 | DROP TABLE `openids`;
  5 | 
  6 | -- Exact copy of `createAccount_2`, but with an updated version number
  7 | -- due to removal of `createAccount_3`.
  8 | CREATE PROCEDURE `createAccount_4` (
  9 |     IN `uid` BINARY(16) ,
 10 |     IN `normalizedEmail` VARCHAR(255),
 11 |     IN `email` VARCHAR(255),
 12 |     IN `emailCode` BINARY(16),
 13 |     IN `emailVerified` TINYINT(1),
 14 |     IN `kA` BINARY(32),
 15 |     IN `wrapWrapKb` BINARY(32),
 16 |     IN `authSalt` BINARY(32),
 17 |     IN `verifierVersion` TINYINT UNSIGNED,
 18 |     IN `verifyHash` BINARY(32),
 19 |     IN `verifierSetAt` BIGINT UNSIGNED,
 20 |     IN `createdAt` BIGINT UNSIGNED,
 21 |     IN `locale` VARCHAR(255)
 22 | )
 23 | BEGIN
 24 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
 25 |     BEGIN
 26 |         ROLLBACK;
 27 |         RESIGNAL;
 28 |     END;
 29 | 
 30 |     START TRANSACTION;
 31 | 
 32 |     INSERT INTO accounts(
 33 |         uid,
 34 |         normalizedEmail,
 35 |         email,
 36 |         emailCode,
 37 |         emailVerified,
 38 |         kA,
 39 |         wrapWrapKb,
 40 |         authSalt,
 41 |         verifierVersion,
 42 |         verifyHash,
 43 |         verifierSetAt,
 44 |         createdAt,
 45 |         locale
 46 |     )
 47 |     VALUES(
 48 |         uid,
 49 |         LOWER(normalizedEmail),
 50 |         email,
 51 |         emailCode,
 52 |         emailVerified,
 53 |         kA,
 54 |         wrapWrapKb,
 55 |         authSalt,
 56 |         verifierVersion,
 57 |         verifyHash,
 58 |         verifierSetAt,
 59 |         createdAt,
 60 |         locale
 61 |     );
 62 | 
 63 |     INSERT INTO eventLog(
 64 |         uid,
 65 |         typ,
 66 |         iat
 67 |     )
 68 |     VALUES(
 69 |         uid,
 70 |         "create",
 71 |         UNIX_TIMESTAMP()
 72 |     );
 73 | 
 74 |     IF emailVerified THEN
 75 |         INSERT INTO eventLog(
 76 |             uid,
 77 |             typ,
 78 |             iat
 79 |         )
 80 |         VALUES(
 81 |             uid,
 82 |             "verify",
 83 |             UNIX_TIMESTAMP()
 84 |         );
 85 |     END IF;
 86 | 
 87 |     COMMIT;
 88 | END;
 89 | 
 90 | -- Update deleteAccount to remove openid stuff
 91 | CREATE PROCEDURE `deleteAccount_8` (
 92 |   IN `uidArg` BINARY(16)
 93 | )
 94 | BEGIN
 95 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
 96 |   BEGIN
 97 |     ROLLBACK;
 98 |     RESIGNAL;
 99 |   END;
100 | 
101 |   START TRANSACTION;
102 | 
103 |   DELETE FROM sessionTokens WHERE uid = uidArg;
104 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
105 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
106 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
107 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
108 |   DELETE FROM accountUnlockCodes WHERE uid = uidArg;
109 |   DELETE FROM accounts WHERE uid = uidArg;
110 |   DELETE FROM devices WHERE uid = uidArg;
111 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
112 | 
113 |   INSERT INTO eventLog(
114 |     uid,
115 |     typ,
116 |     iat
117 |   )
118 |   VALUES(
119 |     uidArg,
120 |     "delete",
121 |     UNIX_TIMESTAMP()
122 |   );
123 | 
124 |   COMMIT;
125 | END;
126 | 
127 | UPDATE dbMetadata SET value = '28' WHERE name = 'schema-patch-level';
128 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-028-027.sql:
--------------------------------------------------------------------------------
  1 | --CREATE TABLE openids (
  2 | --    hash BINARY(32) PRIMARY KEY,
  3 | --    id VARCHAR(255) NOT NULL,
  4 | --    uid BINARY(16) NOT NULL,
  5 | --    INDEX openid_uid (uid)
  6 | --) ENGINE=InnoDB;
  7 | 
  8 | --
  9 | --CREATE PROCEDURE `openIdRecord_1` (
 10 | --    IN `openidHash` BINARY(32)
 11 | --)
 12 | --BEGIN
 13 | --    SELECT
 14 | --        a.uid,
 15 | --        a.email,
 16 | --        a.normalizedEmail,
 17 | --        a.emailVerified,
 18 | --        a.emailCode,
 19 | --        a.kA,
 20 | --        a.wrapWrapKb,
 21 | --        a.verifierVersion,
 22 | --        a.authSalt,
 23 | --        a.verifierSetAt,
 24 | --        a.lockedAt,
 25 | --        o.id as openId
 26 | --    FROM
 27 | --        accounts a,
 28 | --        openids o
 29 | --    WHERE
 30 | --        o.hash = openidHash
 31 | --    AND
 32 | --        o.uid = a.uid
 33 | --    ;
 34 | --END;
 35 | 
 36 | -- added openid
 37 | --CREATE PROCEDURE `createAccount_3` (
 38 | --    IN `uid` BINARY(16) ,
 39 | --    IN `normalizedEmail` VARCHAR(255),
 40 | --    IN `email` VARCHAR(255),
 41 | --    IN `emailCode` BINARY(16),
 42 | --    IN `emailVerified` TINYINT(1),
 43 | --    IN `kA` BINARY(32),
 44 | --    IN `wrapWrapKb` BINARY(32),
 45 | --    IN `authSalt` BINARY(32),
 46 | --    IN `verifierVersion` TINYINT UNSIGNED,
 47 | --    IN `verifyHash` BINARY(32),
 48 | --    IN `verifierSetAt` BIGINT UNSIGNED,
 49 | --    IN `createdAt` BIGINT UNSIGNED,
 50 | --    IN `locale` VARCHAR(255),
 51 | --    IN `openid` VARCHAR(255),
 52 | --    IN `openidHash` BINARY(32)
 53 | --)
 54 | --BEGIN
 55 | --    DECLARE EXIT HANDLER FOR SQLEXCEPTION
 56 | --    BEGIN
 57 | --        ROLLBACK;
 58 | --        RESIGNAL;
 59 | --    END;
 60 | --
 61 | --    START TRANSACTION;
 62 | --
 63 | --    INSERT INTO accounts(
 64 | --        uid,
 65 | --        normalizedEmail,
 66 | --        email,
 67 | --        emailCode,
 68 | --        emailVerified,
 69 | --        kA,
 70 | --        wrapWrapKb,
 71 | --        authSalt,
 72 | --        verifierVersion,
 73 | --        verifyHash,
 74 | --        verifierSetAt,
 75 | --        createdAt,
 76 | --        locale
 77 | --    )
 78 | --    VALUES(
 79 | --        uid,
 80 | --        LOWER(normalizedEmail),
 81 | --        email,
 82 | --        emailCode,
 83 | --        emailVerified,
 84 | --        kA,
 85 | --        wrapWrapKb,
 86 | --        authSalt,
 87 | --        verifierVersion,
 88 | --        verifyHash,
 89 | --        verifierSetAt,
 90 | --        createdAt,
 91 | --        locale
 92 | --    );
 93 | --
 94 | --    IF openid IS NOT NULL THEN
 95 | --        INSERT INTO openids(
 96 | --            hash,
 97 | --            id,
 98 | --            uid
 99 | --        )
100 | --        VALUES(
101 | --            openidHash,
102 | --            openid,
103 | --            uid
104 | --        );
105 | --    END IF;
106 | --
107 | --    INSERT INTO eventLog(
108 | --        uid,
109 | --        typ,
110 | --        iat
111 | --    )
112 | --    VALUES(
113 | --        uid,
114 | --        "create",
115 | --        UNIX_TIMESTAMP()
116 | --    );
117 | --
118 | --    IF emailVerified THEN
119 | --        INSERT INTO eventLog(
120 | --            uid,
121 | --            typ,
122 | --            iat
123 | --        )
124 | --        VALUES(
125 | --            uid,
126 | --            "verify",
127 | --            UNIX_TIMESTAMP()
128 | --        );
129 | --    END IF;
130 | --
131 | --    COMMIT;
132 | --END;
133 | 
134 | -- DROP PROCEDURE `createAccount_4`;
135 | -- DROP PROCEDURE `deleteAccount_8`;
136 | 
137 | -- UPDATE dbMetadata SET value = '27' WHERE name = 'schema-patch-level';
138 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-029-028.sql:
--------------------------------------------------------------------------------
 1 | -- ALTER TABLE `unverifiedTokens`
 2 | -- DROP COLUMN mustVerify
 3 | -- ALGORITHM = INPLACE, LOCK = NONE;
 4 | 
 5 | -- DROP PROCEDURE `createSessionToken_4`;
 6 | -- DROP PROCEDURE `sessionTokenWithVerificationStatus_2`;
 7 | -- DROP PROCEDURE `sessionWithDevice_4`;
 8 | 
 9 | -- UPDATE dbMetadata SET value = '28' WHERE name = 'schema-patch-level';
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-029-30.sql:
--------------------------------------------------------------------------------
 1 | -- Update deleteSessionToken stored procedure to delete from devices.
 2 | CREATE PROCEDURE `deleteSessionToken_3` (
 3 |   IN `tokenIdArg` BINARY(32)
 4 | )
 5 | BEGIN
 6 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
 7 |   BEGIN
 8 |     ROLLBACK;
 9 |     RESIGNAL;
10 |   END;
11 | 
12 |   START TRANSACTION;
13 | 
14 |   -- The 'devices' table has an index on (uid, sessionTokenId),
15 |   -- so we have to look up the uid in order to do this efficiently.
16 |   DELETE FROM devices
17 |     WHERE sessionTokenId = tokenIdArg
18 |     AND uid = (SELECT uid FROM sessionTokens WHERE tokenId = tokenIdArg);
19 |   DELETE FROM sessionTokens WHERE tokenId = tokenIdArg;
20 |   DELETE FROM unverifiedTokens WHERE tokenId = tokenIdArg;
21 | 
22 |   COMMIT;
23 | END;
24 | 
25 | -- Update the patch level.
26 | UPDATE dbMetadata SET value = '30' WHERE name = 'schema-patch-level';
27 | 
28 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-030-029.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `deleteSessionToken_3`;
2 | 
3 | -- UPDATE dbMetadata SET value = '29' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-030-031.sql:
--------------------------------------------------------------------------------
 1 | -- Alter the accountDevices stored procedure to use INNER JOIN instead of
 2 | -- LEFT JOIN. There are zombie device records, we don't care about them.
 3 | CREATE PROCEDURE `accountDevices_5` (
 4 |   IN `uidArg` BINARY(16)
 5 | )
 6 | BEGIN
 7 |   SELECT
 8 |     d.uid,
 9 |     d.id,
10 |     d.sessionTokenId,
11 |     d.name,
12 |     d.type,
13 |     d.createdAt,
14 |     d.callbackURL,
15 |     d.callbackPublicKey,
16 |     d.callbackAuthKey,
17 |     s.uaBrowser,
18 |     s.uaBrowserVersion,
19 |     s.uaOS,
20 |     s.uaOSVersion,
21 |     s.uaDeviceType,
22 |     s.lastAccessTime
23 |   FROM devices d INNER JOIN sessionTokens s
24 |   ON d.sessionTokenId = s.tokenId
25 |   WHERE d.uid = uidArg;
26 | END;
27 | 
28 | UPDATE dbMetadata SET value = '31' WHERE name = 'schema-patch-level';
29 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-031-030.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `accountDevices_5`;
2 | 
3 | -- UPDATE dbMetadata SET value = '30' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-031-032.sql:
--------------------------------------------------------------------------------
  1 | -- Update deleteAccount to remove accountUnlockCodes
  2 | CREATE PROCEDURE `deleteAccount_9` (
  3 |   IN `uidArg` BINARY(16)
  4 | )
  5 | BEGIN
  6 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
  7 |   BEGIN
  8 |     ROLLBACK;
  9 |     RESIGNAL;
 10 |   END;
 11 | 
 12 |   START TRANSACTION;
 13 | 
 14 |   DELETE FROM sessionTokens WHERE uid = uidArg;
 15 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
 16 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
 17 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
 18 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
 19 |   DELETE FROM accounts WHERE uid = uidArg;
 20 |   DELETE FROM devices WHERE uid = uidArg;
 21 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
 22 | 
 23 |   INSERT INTO eventLog(
 24 |     uid,
 25 |     typ,
 26 |     iat
 27 |   )
 28 |   VALUES(
 29 |     uidArg,
 30 |     "delete",
 31 |     UNIX_TIMESTAMP()
 32 |   );
 33 | 
 34 |   COMMIT;
 35 | END;
 36 | 
 37 | -- Updated to:
 38 | -- * not set lockedAt since it's no longer used.
 39 | -- * not delete from accountUnlockCodes since table is no longer available
 40 | CREATE PROCEDURE `forgotPasswordVerified_5` (
 41 |     IN `inPasswordForgotTokenId` BINARY(32),
 42 |     IN `inAccountResetTokenId` BINARY(32),
 43 |     IN `inTokenData` BINARY(32),
 44 |     IN `inUid` BINARY(16),
 45 |     IN `inCreatedAt` BIGINT UNSIGNED
 46 | )
 47 | BEGIN
 48 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
 49 |     BEGIN
 50 |         -- ERROR
 51 |         ROLLBACK;
 52 |         RESIGNAL;
 53 |     END;
 54 | 
 55 |     START TRANSACTION;
 56 | 
 57 |     -- Since we only ever want one accountResetToken per uid, then we
 58 |     -- do a replace - generally due to a collision on the unique uid field.
 59 |     REPLACE INTO accountResetTokens(
 60 |         tokenId,
 61 |         tokenData,
 62 |         uid,
 63 |         createdAt
 64 |     )
 65 |     VALUES(
 66 |         inAccountResetTokenId,
 67 |         inTokenData,
 68 |         inUid,
 69 |         inCreatedAt
 70 |     );
 71 | 
 72 |     DELETE FROM passwordForgotTokens WHERE tokenId = inPasswordForgotTokenId;
 73 | 
 74 |     UPDATE accounts SET emailVerified = true WHERE uid = inUid;
 75 | 
 76 |     COMMIT;
 77 | END;
 78 | 
 79 | 
 80 | -- Updated to:
 81 | -- * not delete from accountUnlockCodes since table is no longer available
 82 | CREATE PROCEDURE `resetAccount_7` (
 83 |   IN `uidArg` BINARY(16),
 84 |   IN `verifyHashArg` BINARY(32),
 85 |   IN `authSaltArg` BINARY(32),
 86 |   IN `wrapWrapKbArg` BINARY(32),
 87 |   IN `verifierSetAtArg` BIGINT UNSIGNED,
 88 |   IN `VerifierVersionArg` TINYINT UNSIGNED
 89 | )
 90 | BEGIN
 91 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
 92 |   BEGIN
 93 |     ROLLBACK;
 94 |     RESIGNAL;
 95 |   END;
 96 | 
 97 |   START TRANSACTION;
 98 | 
 99 |   DELETE FROM sessionTokens WHERE uid = uidArg;
100 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
101 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
102 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
103 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
104 |   DELETE FROM devices WHERE uid = uidArg;
105 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
106 | 
107 |   UPDATE accounts
108 |   SET
109 |     verifyHash = verifyHashArg,
110 |     authSalt = authSaltArg,
111 |     wrapWrapKb = wrapWrapKbArg,
112 |     verifierSetAt = verifierSetAtArg,
113 |     verifierVersion = verifierVersionArg
114 |   WHERE uid = uidArg;
115 | 
116 |   INSERT INTO eventLog(uid, typ, iat)
117 |   VALUES(uidArg, "reset", UNIX_TIMESTAMP());
118 | 
119 |   COMMIT;
120 | END;
121 | 
122 | DROP TABLE accountUnlockCodes;
123 | 
124 | -- Schema patch-level increment.
125 | UPDATE dbMetadata SET value = '32' WHERE name = 'schema-patch-level';
126 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-032-031.sql:
--------------------------------------------------------------------------------
 1 | -- -- the codes to unlock an account
 2 | -- CREATE TABLE accountUnlockCodes (
 3 | --   uid BINARY(16) PRIMARY KEY NOT NULL,
 4 | --   unlockCode BINARY(16) NOT NULL
 5 | -- ) ENGINE=InnoDB;
 6 | --
 7 | -- DROP PROCEDURE `resetAccount_7`;
 8 | -- DROP PROCEDURE `forgotPasswordVerified_5`;
 9 | -- DROP PROCEDURE `deleteAccount_9`;
10 | --
11 | -- -- Schema patch-level decrement.
12 | -- UPDATE dbMetadata SET value = '31' WHERE name = 'schema-patch-level';
13 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-032-033.sql:
--------------------------------------------------------------------------------
 1 | CREATE TABLE IF NOT EXISTS securityEventNames (
 2 |   id INT AUTO_INCREMENT PRIMARY KEY,
 3 |   name VARCHAR(255) NOT NULL,
 4 |   UNIQUE INDEX securityEventNamesUnique(name)
 5 | ) ENGINE=InnoDB;
 6 | 
 7 | CREATE TABLE IF NOT EXISTS securityEvents (
 8 |   uid BINARY(16) NOT NULL,
 9 |   nameId INT NOT NULL,
10 |   FOREIGN KEY (nameId) REFERENCES securityEventNames(id) ON DELETE CASCADE,
11 |   tokenId BINARY(32),
12 |   verified BOOLEAN,
13 |   ipAddrHmac BINARY(32) NOT NULL,
14 |   createdAt BIGINT SIGNED NOT NULL,
15 |   INDEX securityEvents_uid_ipAddrHmac (uid, ipAddrHmac),
16 |   INDEX securityEvents_uid_tokenId (uid, tokenId)
17 | ) ENGINE=InnoDB;
18 | 
19 | INSERT INTO
20 |     securityEventNames (name)
21 | VALUES
22 |     ("account.create"),
23 |     ("account.login"),
24 |     ("account.reset");
25 | 
26 | CREATE PROCEDURE `createSecurityEvent_1` (
27 |     IN inUid BINARY(16),
28 |     IN inToken BINARY(32),
29 |     IN inName INT,
30 |     IN inIpAddr BINARY(32),
31 |     IN inCreatedAt BIGINT SIGNED
32 | )
33 | BEGIN
34 |     INSERT INTO securityEvents(
35 |         uid,
36 |         tokenId,
37 |         verified,
38 |         nameId,
39 |         ipAddrHmac,
40 |         createdAt
41 |     )
42 |     VALUES(
43 |         inUid,
44 |         inToken,
45 |         (
46 |           SELECT COUNT(*)
47 |           FROM unverifiedTokens u
48 |           WHERE u.uid = inUid AND u.tokenId = inToken
49 |         ) = 0,
50 |         inName,
51 |         inIpAddr,
52 |         inCreatedAt
53 |     );
54 | END;
55 | 
56 | CREATE PROCEDURE `fetchSecurityEvents_1` (
57 |     IN inUid BINARY(16),
58 |     IN inIpAddr BINARY(32)
59 | )
60 | BEGIN
61 |     SELECT
62 |         n.name,
63 |         e.verified,
64 |         e.createdAt
65 |     FROM
66 |         securityEvents e
67 |     LEFT JOIN securityEventNames n
68 |         ON e.nameId = n.id
69 |     WHERE
70 |         e.uid = inUid
71 |     AND
72 |         e.ipAddrHmac = inIpAddr
73 |     ORDER BY e.createdAt DESC
74 |     LIMIT 50;
75 | END;
76 | 
77 | CREATE PROCEDURE `verifyToken_2` (
78 |   IN `tokenVerificationIdArg` BINARY(16),
79 |   IN `uidArg` BINARY(16)
80 | )
81 | BEGIN
82 |   UPDATE securityEvents
83 |   SET verified = true
84 |   WHERE tokenId IN (
85 |     SELECT tokenId
86 |     FROM unverifiedTokens
87 |     WHERE tokenVerificationId = tokenVerificationIdArg
88 |     AND uid = uidArg
89 |   )
90 |   AND uid = uidArg;
91 | 
92 |   DELETE FROM unverifiedTokens
93 |   WHERE tokenVerificationId = tokenVerificationIdArg
94 |   AND uid = uidArg;
95 | END;
96 | 
97 | 
98 | UPDATE dbMetadata SET value = '33' WHERE name = 'schema-patch-level';
99 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-033-032.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop tables
 2 | 
 3 | -- DROP PROCEDURE `createSecurityEvent_1`;
 4 | -- DROP PROCEDURE `fetchSecurityEvents_1`;
 5 | -- DROP PROCEDURE `verifyToken_2`;
 6 | 
 7 | -- DROP TABLE securityEvents;
 8 | -- DROP TABLE securityEventNames;
 9 | 
10 | -- UPDATE dbMetadata SET value = '32' WHERE name = 'schema-patch-level';
11 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-033-034.sql:
--------------------------------------------------------------------------------
 1 | -- Alter the accountDevices stored procedure to INNER JOIN with accounts
 2 | -- so that we can disable devices.lastAccessTime by email address in the
 3 | -- auth server.
 4 | CREATE PROCEDURE `accountDevices_6` (
 5 |   IN `uidArg` BINARY(16)
 6 | )
 7 | BEGIN
 8 |   SELECT
 9 |     d.uid,
10 |     d.id,
11 |     d.sessionTokenId,
12 |     d.name,
13 |     d.type,
14 |     d.createdAt,
15 |     d.callbackURL,
16 |     d.callbackPublicKey,
17 |     d.callbackAuthKey,
18 |     s.uaBrowser,
19 |     s.uaBrowserVersion,
20 |     s.uaOS,
21 |     s.uaOSVersion,
22 |     s.uaDeviceType,
23 |     s.lastAccessTime,
24 |     a.email
25 |   FROM devices AS d
26 |   INNER JOIN sessionTokens AS s
27 |     ON d.sessionTokenId = s.tokenId
28 |   INNER JOIN accounts AS a
29 |     ON d.uid = a.uid
30 |   WHERE d.uid = uidArg;
31 | END;
32 | 
33 | UPDATE dbMetadata SET value = '34' WHERE name = 'schema-patch-level';
34 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-034-033.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `accountDevices_6`;
2 | 
3 | -- UPDATE dbMetadata SET value = '33' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-034-035.sql:
--------------------------------------------------------------------------------
 1 | CREATE TABLE IF NOT EXISTS unblockCodes (
 2 |   uid BINARY(16) NOT NULL,
 3 |   unblockCodeHash BINARY(32) NOT NULL,
 4 |   createdAt BIGINT SIGNED NOT NULL,
 5 |   PRIMARY KEY(uid, unblockCodeHash)
 6 | ) ENGINE=InnoDB;
 7 | 
 8 | CREATE PROCEDURE `createUnblockCode_1` (
 9 |     IN inUid BINARY(16),
10 |     IN inCodeHash BINARY(32),
11 |     IN inCreatedAt BIGINT SIGNED
12 | )
13 | BEGIN
14 |     INSERT INTO unblockCodes(
15 |         uid,
16 |         unblockCodeHash,
17 |         createdAt
18 |     )
19 |     VALUES(
20 |         inUid,
21 |         inCodeHash,
22 |         inCreatedAt
23 |     );
24 | END;
25 | 
26 | CREATE PROCEDURE `consumeUnblockCode_1` (
27 |     inUid BINARY(16),
28 |     inCodeHash BINARY(32)
29 | )
30 | BEGIN
31 |     DECLARE timestamp BIGINT;
32 |     SET @timestamp = (
33 |         SELECT createdAt FROM unblockCodes
34 |         WHERE
35 |             uid = inUid
36 |         AND
37 |             unblockCodeHash = inCodeHash
38 |     );
39 | 
40 |     DELETE FROM unblockCodes
41 |     WHERE
42 |         uid = inUid
43 |     AND
44 |         unblockCodeHash = inCodeHash;
45 | 
46 |     SELECT @timestamp AS createdAt;
47 | END;
48 | 
49 | -- Update deleteAccount to remove unblockCodes
50 | CREATE PROCEDURE `deleteAccount_10` (
51 |   IN `uidArg` BINARY(16)
52 | )
53 | BEGIN
54 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
55 |   BEGIN
56 |     ROLLBACK;
57 |     RESIGNAL;
58 |   END;
59 | 
60 |   START TRANSACTION;
61 | 
62 |   DELETE FROM sessionTokens WHERE uid = uidArg;
63 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
64 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
65 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
66 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
67 |   DELETE FROM accounts WHERE uid = uidArg;
68 |   DELETE FROM devices WHERE uid = uidArg;
69 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
70 |   DELETE FROM unblockCodes WHERE uid = uidArg;
71 | 
72 |   INSERT INTO eventLog(
73 |     uid,
74 |     typ,
75 |     iat
76 |   )
77 |   VALUES(
78 |     uidArg,
79 |     "delete",
80 |     UNIX_TIMESTAMP()
81 |   );
82 | 
83 |   COMMIT;
84 | END;
85 | 
86 | 
87 | UPDATE dbMetadata SET value = '35' WHERE name = 'schema-patch-level';
88 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-035-034.sql:
--------------------------------------------------------------------------------
 1 | -- -- drop unblockCodes
 2 | 
 3 | -- DROP PROCEDURE `createUnblockCode_1`;
 4 | -- DROP PROCEDURE `consumeUnblockCode_1`;
 5 | -- DROP PROCEDURE `deleteAccount_10`;
 6 | 
 7 | -- DROP TABLE unblockCodes;
 8 | 
 9 | -- UPDATE dbMetadata SET value = '34' WHERE name = 'schema-patch-level';
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-036-035.sql:
--------------------------------------------------------------------------------
 1 | -- Rollback to previous logic for securityEvents table.
 2 | 
 3 | -- CREATE INDEX securityEvents_uid_ipAddrHmac
 4 | -- ON securityEvents (uid, ipAddrHmac)
 5 | -- ALGORITHM = INPLACE, LOCK = NONE;
 6 | 
 7 | -- DROP PROCEDURE `verifyToken_3`
 8 | -- DROP PROCEDURE `createSecurityEvent_2`
 9 | 
10 | -- DROP INDEX securityEvents_uid_tokenVerificationId
11 | -- ON securityEvents
12 | -- ALGORITHM = INPLACE, LOCK = NONE;
13 | 
14 | -- DROP INDEX securityEvents_uid_ipAddrHmac_createdAt
15 | -- ON securityEvents
16 | -- ALGORITHM = INPLACE, LOCK = NONE;
17 | 
18 | -- ALTER TABLE `securityEvents`
19 | -- DROP COLUMN `tokenVerificationId`
20 | -- ALGORITHM = INPLACE, LOCK = NONE;
21 | 
22 | -- UPDATE dbMetadata SET value = '35' WHERE name = 'schema-patch-level';
23 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-037-036.sql:
--------------------------------------------------------------------------------
1 | -- Rollback to previous use of the eventLog table.
2 | 
3 | -- DROP PROCEDURE `createAccount_5`;
4 | -- DROP PROCEDURE `verifyEmail_3`;
5 | -- DROP PROCEDURE `resetAccount_8`;
6 | -- DROP PROCEDURE `deleteAccount_11`;
7 | 
8 | -- UPDATE dbMetadata SET value = '36' WHERE name = 'schema-patch-level';
9 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-037-038.sql:
--------------------------------------------------------------------------------
 1 | -- This migration changes the `createSecurityEvent` procedure
 2 | -- to stop writing to the `securityEvents.tokenId` column.
 3 | -- That column is no longer used by we were still writing to it
 4 | -- for backwards-compatibility reasons.
 5 | --
 6 | -- We cant actually drop the column until this change is deployed
 7 | -- and nothing is writing to it, so a future migration will be
 8 | -- needed in order to:
 9 | --
10 | --  * drop the tokenId column
11 | --  * drop the corresponding securityEvents_uid_tokenId index
12 | --
13 | 
14 | CREATE PROCEDURE `createSecurityEvent_3` (
15 |     IN inUid BINARY(16),
16 |     IN inToken BINARY(32),
17 |     IN inName INT,
18 |     IN inIpAddr BINARY(32),
19 |     IN inCreatedAt BIGINT SIGNED
20 | )
21 | BEGIN
22 |     DECLARE inTokenVerificationId BINARY(16);
23 |     SET inTokenVerificationId = (
24 |       SELECT tokenVerificationId
25 |       FROM unverifiedTokens u
26 |       WHERE u.uid = inUid AND u.tokenId = inToken
27 |     );
28 |     INSERT INTO securityEvents(
29 |         uid,
30 |         tokenVerificationId,
31 |         verified,
32 |         nameId,
33 |         ipAddrHmac,
34 |         createdAt
35 |     )
36 |     VALUES(
37 |         inUid,
38 |         inTokenVerificationId,
39 |         inTokenVerificationId IS NULL,
40 |         inName,
41 |         inIpAddr,
42 |         inCreatedAt
43 |     );
44 | END;
45 | 
46 | UPDATE dbMetadata SET value = '38' WHERE name = 'schema-patch-level';
47 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-038-037.sql:
--------------------------------------------------------------------------------
1 | 
2 | -- DROP PROCEDURE `createSecurityEvent_3`;
3 | 
4 | -- UPDATE dbMetadata SET value = '37' WHERE name = 'schema-patch-level';
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-038-039.sql:
--------------------------------------------------------------------------------
 1 | -- This migration completes the work of two previous migrations:
 2 | --
 3 | --   * v37, where we stopped recording account lifecycle
 4 | --     events in the `eventLog` table.
 5 | --   * v38, where we stopped using the `tokenId` column
 6 | --     in the `securityEvents` table.
 7 | --
 8 | -- It's the final cleanup work that we can do now that there
 9 | -- are no old webheads running previous versions of the code.
10 | 
11 | 
12 | DROP TABLE eventLog;
13 | 
14 | DROP TABLE eventLogPublishState;
15 | 
16 | ALTER TABLE securityEvents
17 | DROP INDEX securityEvents_uid_tokenId,
18 | ALGORITHM = INPLACE, LOCK = NONE;
19 | 
20 | ALTER TABLE securityEvents
21 | DROP COLUMN tokenId,
22 | ALGORITHM = INPLACE, LOCK = NONE;
23 | 
24 | UPDATE dbMetadata SET value = '39' WHERE name = 'schema-patch-level';
25 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-039-038.sql:
--------------------------------------------------------------------------------
 1 | -- Rollback; commented out to prevent accidental running
 2 | -- in production.
 3 | 
 4 | -- ALTER TABLE `securityEvents`
 5 | -- ADD COLUMN tokenId BINARY(32)
 6 | -- ALGORITHM = INPLACE, LOCK = NONE;
 7 | 
 8 | -- CREATE INDEX securityEvents_uid_tokenId
 9 | -- ON securityEvents (uid, tokenId)
10 | -- ALGORITHM = INPLACE, LOCK = NONE;
11 | 
12 | -- CREATE TABLE eventLogPublishState (
13 | --   lastPublishedPos BIGINT UNSIGNED NOT NULL,
14 | --   lastPublishedAt INT UNSIGNED NOT NULL
15 | -- ) ENGINE=InnoDB;
16 | 
17 | -- CREATE TABLE eventLog (
18 | --   pos BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
19 | --   uid BINARY(16) NOT NULL,
20 | --   typ ENUM('create', 'verify', 'reset', 'delete') NOT NULL,
21 | --   iat INT UNSIGNED NOT NULL
22 | -- ) ENGINE=InnoDB;
23 | 
24 | -- UPDATE dbMetadata SET value = '38' WHERE name = 'schema-patch-level';
25 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-039-040.sql:
--------------------------------------------------------------------------------
 1 | -- Drop the old reminders table, it was not functioning correctly
 2 | DROP TABLE IF EXISTS `verificationReminders`;
 3 | 
 4 | 
 5 | CREATE TABLE verificationReminders (
 6 |   uid BINARY(16) NOT NULL,
 7 |   type VARCHAR(255) NOT NULL,
 8 |   createdAt BIGINT SIGNED NOT NULL,
 9 |   PRIMARY KEY(uid, type),
10 |   INDEX reminder_createdAt (createdAt)
11 | ) ENGINE=InnoDB;
12 | 
13 | 
14 | CREATE PROCEDURE `createVerificationReminder_2` (
15 |     IN uid BINARY(16),
16 |     IN type VARCHAR(255),
17 |     IN createdAt BIGINT SIGNED
18 | )
19 | BEGIN
20 |     INSERT INTO verificationReminders(
21 |         uid,
22 |         type,
23 |         createdAt
24 |     )
25 |     VALUES(
26 |         uid,
27 |         type,
28 |         createdAt
29 |     );
30 | END;
31 | 
32 | 
33 | CREATE PROCEDURE `fetchVerificationReminders_2` (
34 |     IN currentTimeArg BIGINT SIGNED,
35 |     IN reminderTypeArg VARCHAR(255),
36 |     IN reminderTimeArg BIGINT SIGNED,
37 |     IN reminderTimeOutdatedArg BIGINT SIGNED,
38 |     IN reminderLimitArg INTEGER
39 | )
40 | BEGIN
41 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
42 |   BEGIN
43 |     DO RELEASE_LOCK('fxa-auth-server.verification-reminders-lock');
44 |     ROLLBACK;
45 |     RESIGNAL;
46 |   END;
47 | 
48 |   START TRANSACTION;
49 | 
50 |   DO @lockAcquired:=GET_LOCK('fxa-auth-server.verification-reminders-lock', 1);
51 | 
52 |   IF @lockAcquired THEN
53 |     DROP TEMPORARY TABLE IF EXISTS reminderResults;
54 | 
55 |     -- Select these straight into the temporary table
56 |     -- and avoid using a cursor. Use ORDER BY to
57 |     -- ensure the query is deterministic.
58 |     CREATE TEMPORARY TABLE reminderResults AS
59 |       SELECT uid, type
60 |       FROM verificationReminders
61 |       -- Since we want to order by `createdAt`, we have to rearrange
62 |       -- the `WHERE` clauses so `createdAt` is positive rather than negated.
63 |       WHERE  createdAt < currentTimeArg - reminderTimeArg
64 |       AND createdAt > currentTimeArg - reminderTimeOutdatedArg
65 |       AND type = reminderTypeArg
66 |       ORDER BY createdAt, uid, type
67 |       LIMIT reminderLimitArg;
68 | 
69 |     -- Because the query is deterministic we can delete
70 |     -- all the selected items at once, rather than calling
71 |     -- deleteVerificationReminder()
72 |     DELETE FROM verificationReminders
73 |       WHERE  createdAt < currentTimeArg - reminderTimeArg
74 |       AND createdAt > currentTimeArg - reminderTimeOutdatedArg
75 |       AND type = reminderTypeArg
76 |       ORDER BY createdAt, uid, type
77 |       LIMIT reminderLimitArg;
78 | 
79 |     -- Clean up outdated reminders.
80 |     DELETE FROM
81 |       verificationReminders
82 |     WHERE
83 |       createdAt < currentTimeArg - reminderTimeOutdatedArg
84 |     AND
85 |       type = reminderTypeArg;
86 | 
87 |     -- Return the result
88 |     SELECT * FROM reminderResults;
89 | 
90 |     DO RELEASE_LOCK('fxa-auth-server.verification-reminders-lock');
91 | 
92 |   END IF;
93 |   COMMIT;
94 | END;
95 | 
96 | 
97 | UPDATE dbMetadata SET value = '40' WHERE name = 'schema-patch-level';
98 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-040-039.sql:
--------------------------------------------------------------------------------
1 | -- ALTER TABLE `verificationReminders` DROP PRIMARY KEY, ADD PRIMARY KEY (`id`);
2 | -- DROP PROCEDURE `fetchVerificationReminders_2`;
3 | -- DROP PROCEDURE `createVerificationReminder_2`;
4 | 
5 | -- UPDATE dbMetadata SET value = '39' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-040-041.sql:
--------------------------------------------------------------------------------
 1 | CREATE TABLE IF NOT EXISTS emailBounces (
 2 |   email VARCHAR(255) NOT NULL,
 3 |   bounceType TINYINT UNSIGNED NOT NULL,
 4 |   bounceSubType TINYINT UNSIGNED NOT NULL,
 5 |   createdAt BIGINT UNSIGNED NOT NULL,
 6 |   PRIMARY KEY(email, createdAt)
 7 | ) ENGINE=InnoDB;
 8 | 
 9 | CREATE PROCEDURE `createEmailBounce_1` (
10 |   IN inEmail VARCHAR(255),
11 |   IN inBounceType TINYINT UNSIGNED,
12 |   IN inBounceSubType TINYINT UNSIGNED,
13 |   IN inCreatedAt BIGINT UNSIGNED
14 | )
15 | BEGIN
16 |   INSERT INTO emailBounces(
17 |     email,
18 |     bounceType,
19 |     bounceSubType,
20 |     createdAt
21 |   )
22 |   VALUES(
23 |     inEmail,
24 |     inBounceType,
25 |     inBounceSubType,
26 |     inCreatedAt
27 |   );
28 | END;
29 | 
30 | CREATE PROCEDURE `fetchEmailBounces_1` (
31 |   IN `inEmail` VARCHAR(255)
32 | )
33 | BEGIN
34 |   SELECT
35 |       email,
36 |       bounceType,
37 |       bounceSubType,
38 |       createdAt
39 |   FROM emailBounces
40 |   WHERE email = inEmail
41 |   ORDER BY createdAt DESC
42 |   LIMIT 20;
43 | END;
44 | 
45 | UPDATE dbMetadata SET value = '41' WHERE name = 'schema-patch-level';
46 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-041-040.sql:
--------------------------------------------------------------------------------
1 | -- Rollback; commented out to prevent accidental running
2 | -- in production.
3 | 
4 | -- DROP TABLE `emailBounces`;
5 | -- DROP PROCEDURE `createEmailBounce_1`;
6 | -- DROP PROCEDURE `fetchEmailBounces_1`;
7 | 
8 | -- UPDATE dbMetadata SET value = '40' WHERE name = 'schema-patch-level';
9 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-041-042.sql:
--------------------------------------------------------------------------------
 1 | -- This migration creates the `deviceFromTokenVerificationId_1`
 2 | -- procedure that tries to find a device associated with a session
 3 | -- that can be verified with a specific tokenVerificationId.
 4 | 
 5 | CREATE PROCEDURE `deviceFromTokenVerificationId_1` (
 6 |     IN inUid BINARY(16),
 7 |     IN inTokenVerificationId BINARY(16)
 8 | )
 9 | BEGIN
10 |     SELECT
11 |         d.id,
12 |         d.name,
13 |         d.type,
14 |         d.createdAt,
15 |         d.callbackURL,
16 |         d.callbackPublicKey,
17 |         d.callbackAuthKey
18 |     FROM unverifiedTokens AS u
19 |     INNER JOIN devices AS d
20 |         ON (u.tokenId = d.sessionTokenId AND u.uid = d.uid)
21 |     WHERE u.uid = inUid AND u.tokenVerificationId = inTokenVerificationId;
22 | END;
23 | 
24 | UPDATE dbMetadata SET value = '42' WHERE name = 'schema-patch-level';
25 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-042-041.sql:
--------------------------------------------------------------------------------
1 | -- Rollback; commented out to prevent accidental running
2 | -- in production.
3 | 
4 | -- DROP PROCEDURE `deviceFromTokenVerificationId_1`;
5 | 
6 | -- UPDATE dbMetadata SET value = '41' WHERE name = 'schema-patch-level';
7 | 
8 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-042-043.sql:
--------------------------------------------------------------------------------
 1 | -- Add index to unblockCodes table
 2 | CREATE INDEX unblockCodes_createdAt
 3 | ON unblockCodes (createdAt)
 4 | ALGORITHM = INPLACE LOCK = NONE;
 5 | 
 6 | -- New prune procedure
 7 | CREATE PROCEDURE `prune_2` (IN pruneTokensOlderThanDate BIGINT UNSIGNED)
 8 | BEGIN
 9 |     -- try and obtain the prune lock
10 |     SELECT @lockAcquired:=GET_LOCK('fxa-auth-server.prune-lock', 3);
11 | 
12 |     IF @lockAcquired THEN
13 | 
14 |       DELETE FROM accountResetTokens WHERE createdAt < pruneTokensOlderThanDate ORDER BY createdAt LIMIT 10000;
15 |       DELETE FROM passwordForgotTokens WHERE createdAt < pruneTokensOlderThanDate ORDER BY createdAt LIMIT 10000;
16 |       DELETE FROM passwordChangeTokens WHERE createdAt < pruneTokensOlderThanDate ORDER BY createdAt LIMIT 10000;
17 |       DELETE FROM unblockCodes WHERE createdAt < pruneTokensOlderThanDate ORDER BY createdAt LIMIT 10000;
18 | 
19 |       -- release the lock
20 |       SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
21 | 
22 |     END IF;
23 | 
24 | END;
25 | 
26 | UPDATE dbMetadata SET value = '43' WHERE name = 'schema-patch-level';
27 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-043-042.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `prune_2`;
2 | -- -- no need for this 'prune-last-ran'
3 | -- DELETE FROM dbMetadata WHERE name = 'prune-last-ran';
4 | 
5 | -- UPDATE dbMetadata SET value = '42' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-043-044.sql:
--------------------------------------------------------------------------------
 1 | -- Update email record to return `createdAt`
 2 | -- emailRecord v4
 3 | CREATE PROCEDURE `emailRecord_4` (
 4 |     IN `inEmail` VARCHAR(255)
 5 | )
 6 | BEGIN
 7 |     SELECT
 8 |         a.uid,
 9 |         a.email,
10 |         a.normalizedEmail,
11 |         a.emailVerified,
12 |         a.emailCode,
13 |         a.kA,
14 |         a.wrapWrapKb,
15 |         a.verifierVersion,
16 |         a.authSalt,
17 |         a.verifierSetAt,
18 |         a.lockedAt,
19 |         a.createdAt
20 |     FROM
21 |         accounts a
22 |     WHERE
23 |         a.normalizedEmail = LOWER(inEmail)
24 |     ;
25 | END;
26 | 
27 | UPDATE dbMetadata SET value = '44' WHERE name = 'schema-patch-level';
28 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-044-043.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `emailRecord_4`;
2 | 
3 | -- UPDATE dbMetadata SET value = '43' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-044-045.sql:
--------------------------------------------------------------------------------
 1 | -- Retrieve all sessions with device information where available
 2 | CREATE PROCEDURE `sessions_2` (
 3 |   IN `uidArg` BINARY(16)
 4 | )
 5 | BEGIN
 6 |   SELECT
 7 |     t.tokenId,
 8 |     t.uid,
 9 |     t.createdAt,
10 |     t.uaBrowser,
11 |     t.uaBrowserVersion,
12 |     t.uaOS,
13 |     t.uaOSVersion,
14 |     t.uaDeviceType,
15 |     t.lastAccessTime,
16 |     d.id AS deviceId,
17 |     d.name AS deviceName,
18 |     d.type AS deviceType,
19 |     d.createdAt AS deviceCreatedAt,
20 |     d.callbackURL AS deviceCallbackURL,
21 |     d.callbackPublicKey AS deviceCallbackPublicKey,
22 |     d.callbackAuthKey AS deviceCallbackAuthKey
23 |   FROM sessionTokens AS t
24 |   LEFT JOIN devices AS d
25 |     ON (t.tokenId = d.sessionTokenId AND t.uid = d.uid)
26 |   WHERE t.uid = uidArg;
27 | END;
28 | 
29 | UPDATE dbMetadata SET value = '45' WHERE name = 'schema-patch-level';
30 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-045-044.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `sessions_2`;
2 | 
3 | -- UPDATE dbMetadata SET value = '44' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-046-045.sql:
--------------------------------------------------------------------------------
 1 | -- DROP PROCEDURE `accountEmails_1`;
 2 | -- DROP PROCEDURE `createEmail_1`;
 3 | -- DROP PROCEDURE `deleteEmail_1`;
 4 | -- DROP PROCEDURE `verifyEmail_4`;
 5 | -- DROP PROCEDURE `createAccount_6`;
 6 | -- DROP PROCEDURE `deleteAccount_12`;
 7 | 
 8 | -- DROP TABLE `emails`;
 9 | 
10 | -- UPDATE dbMetadata SET value = '45' WHERE name = 'schema-patch-level';
11 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-046-047.sql:
--------------------------------------------------------------------------------
 1 | -- Add ability to get a specific email on the emails table
 2 | -- Differs from `emailRecord` that returns a filtered account object
 3 | 
 4 | CREATE PROCEDURE `getSecondaryEmail_1` (
 5 |     IN `emailArg` VARCHAR(255)
 6 | )
 7 | BEGIN
 8 |     SELECT * FROM emails WHERE normalizedEmail = LOWER(emailArg);
 9 | END;
10 | 
11 | UPDATE dbMetadata SET value = '47' WHERE name = 'schema-patch-level';
12 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-047-046.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `getSecondaryEmail_1`;
2 | 
3 | -- UPDATE dbMetadata SET value = '46' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-047-048.sql:
--------------------------------------------------------------------------------
 1 | CREATE TABLE IF NOT EXISTS `signinCodes` (
 2 |   hash BINARY(32) NOT NULL PRIMARY KEY,
 3 |   uid BINARY(16) NOT NULL,
 4 |   createdAt BIGINT UNSIGNED NOT NULL,
 5 |   INDEX signinCodes_createdAt (createdAt)
 6 | ) ENGINE=InnoDB;
 7 | 
 8 | CREATE PROCEDURE `createSigninCode_1` (
 9 |   IN `hashArg` BINARY(32),
10 |   IN `uidArg` BINARY(16),
11 |   IN `createdAtArg` BIGINT UNSIGNED
12 | )
13 | BEGIN
14 |   INSERT INTO signinCodes(hash, uid, createdAt)
15 |   VALUES(hashArg, uidArg, createdAtArg);
16 | END;
17 | 
18 | CREATE PROCEDURE `consumeSigninCode_1` (
19 |   IN `hashArg` BINARY(32)
20 | )
21 | BEGIN
22 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
23 |   BEGIN
24 |     ROLLBACK;
25 |     RESIGNAL;
26 |   END;
27 | 
28 |   START TRANSACTION;
29 | 
30 |   SELECT email
31 |   FROM accounts
32 |   WHERE uid = (
33 |     SELECT uid
34 |     FROM signinCodes
35 |     WHERE hash = hashArg
36 |   );
37 | 
38 |   DELETE FROM signinCodes
39 |   WHERE hash = hashArg;
40 | 
41 |   COMMIT;
42 | END;
43 | 
44 | CREATE PROCEDURE `expireSigninCodes_1` (
45 |   IN `olderThan` BIGINT UNSIGNED
46 | )
47 | BEGIN
48 |   DELETE FROM signinCodes
49 |   WHERE createdAt < olderThan;
50 | END;
51 | 
52 | CREATE PROCEDURE `deleteAccount_13` (
53 |   IN `uidArg` BINARY(16)
54 | )
55 | BEGIN
56 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
57 |   BEGIN
58 |     ROLLBACK;
59 |     RESIGNAL;
60 |   END;
61 | 
62 |   START TRANSACTION;
63 | 
64 |   DELETE FROM sessionTokens WHERE uid = uidArg;
65 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
66 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
67 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
68 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
69 |   DELETE FROM accounts WHERE uid = uidArg;
70 |   DELETE FROM devices WHERE uid = uidArg;
71 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
72 |   DELETE FROM unblockCodes WHERE uid = uidArg;
73 |   DELETE FROM emails WHERE uid = uidArg;
74 |   DELETE FROM signinCodes WHERE uid = uidArg;
75 | 
76 |   COMMIT;
77 | END;
78 | 
79 | 
80 | UPDATE dbMetadata SET value = '48' WHERE name = 'schema-patch-level';
81 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-048-047.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `deleteAccount_13`;
2 | -- DROP PROCEDURE `expireSigninCode_1`;
3 | -- DROP PROCEDURE `consumeSigninCode_1`;
4 | -- DROP PROCEDURE `createSigninCode_1`;
5 | 
6 | -- DROP TABLE signinCodes;
7 | 
8 | -- UPDATE dbMetadata SET value = '47' WHERE name = 'schema-patch-level';
9 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-048-049.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `prune_3` (IN `olderThan` BIGINT UNSIGNED)
 2 | BEGIN
 3 |   SELECT @lockAcquired := GET_LOCK('fxa-auth-server.prune-lock', 3);
 4 | 
 5 |   IF @lockAcquired THEN
 6 |     DELETE FROM accountResetTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
 7 |     DELETE FROM passwordForgotTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
 8 |     DELETE FROM passwordChangeTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
 9 |     DELETE FROM unblockCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
10 |     DELETE FROM signinCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
11 | 
12 |     SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
13 |   END IF;
14 | END;
15 | 
16 | DROP PROCEDURE `expireSigninCodes_1`;
17 | 
18 | CREATE PROCEDURE `consumeSigninCode_2` (
19 |   IN `hashArg` BINARY(32),
20 |   IN `newerThan` BIGINT UNSIGNED
21 | )
22 | BEGIN
23 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
24 |   BEGIN
25 |     ROLLBACK;
26 |     RESIGNAL;
27 |   END;
28 | 
29 |   START TRANSACTION;
30 | 
31 |   SELECT email
32 |   FROM accounts
33 |   WHERE uid = (
34 |     SELECT uid
35 |     FROM signinCodes
36 |     WHERE hash = hashArg
37 | 	AND createdAt > newerThan
38 |   );
39 | 
40 |   DELETE FROM signinCodes
41 |   WHERE hash = hashArg
42 |   AND createdAt > newerThan;
43 | 
44 |   COMMIT;
45 | END;
46 | 
47 | UPDATE dbMetadata SET value = '49' WHERE name = 'schema-patch-level';
48 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-049-048.sql:
--------------------------------------------------------------------------------
 1 | --DROP PROCEDURE `prune_3`;
 2 | 
 3 | --CREATE PROCEDURE `expireSigninCodes_1` (
 4 | --  IN `olderThan` BIGINT UNSIGNED
 5 | --)
 6 | --BEGIN
 7 | --  DELETE FROM signinCodes
 8 | --  WHERE createdAt < olderThan;
 9 | --END;
10 | 
11 | --DROP PROCEDURE `consumeSigninCode_2`;
12 | 
13 | --UPDATE dbMetadata SET value = '48' WHERE name = 'schema-patch-level';
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-050-049.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `createAccount_7`;
2 | -- DROP PROCEDURE `accountEmails_2`;
3 | -- DROP PROCEDURE `forgotPasswordVerified_6`;
4 | -- DROP PROCEDURE `verifyEmail_5`;
5 | 
6 | -- UPDATE dbMetadata SET value = '49' WHERE name = 'schema-patch-level';


--------------------------------------------------------------------------------
/lib/db/schema/patch-050-051.sql:
--------------------------------------------------------------------------------
 1 | -- Migration to copy account emails that are not on the emails table
 2 | -- Sets the email as the primary email for account
 3 | INSERT INTO emails(
 4 |         normalizedEmail,
 5 |         email,
 6 |         uid,
 7 |         emailCode,
 8 |         isVerified,
 9 |         isPrimary,
10 |         createdAt
11 |     )
12 | SELECT
13 |     normalizedEmail,
14 |     email,
15 |     uid,
16 |     emailCode,
17 |     emailVerified,
18 |     true,
19 |     createdAt
20 | FROM accounts a
21 | WHERE
22 |     a.uid
23 | NOT IN
24 |     (SELECT uid FROM emails);
25 | 
26 | UPDATE dbMetadata SET value = '51' WHERE name = 'schema-patch-level';
27 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-051-050.sql:
--------------------------------------------------------------------------------
1 | -- UPDATE dbMetadata SET value = '50' WHERE name = 'schema-patch-level';
2 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-051-052.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `accountEmails_3` (
 2 |     IN `inUid` BINARY(16)
 3 | )
 4 | BEGIN
 5 | 	(SELECT
 6 |         a.normalizedEmail,
 7 |         a.email,
 8 |         a.uid,
 9 |         a.emailCode,
10 |         a.emailVerified AS isVerified,
11 |         TRUE AS isPrimary,
12 |         a.createdAt
13 |     FROM
14 |         accounts a
15 |     WHERE
16 |         uid = inUid)
17 | 
18 |     UNION DISTINCT
19 | 
20 |     (SELECT
21 |         e.normalizedEmail,
22 |         e.email,
23 |         e.uid,
24 |         e.emailCode,
25 |         e.isVerified,
26 |         e.isPrimary,
27 |         e.createdAt
28 |     FROM
29 |         emails e
30 |     WHERE
31 |         uid = inUid)
32 |     ORDER BY isPrimary DESC;
33 | END;
34 | 
35 | UPDATE dbMetadata SET value = '52' WHERE name = 'schema-patch-level';
36 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-052-051.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `accountEmails_3`;
2 | 
3 | -- UPDATE dbMetadata SET value = '51' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-052-053.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `forgotPasswordVerified_7` (
 2 |     IN `inPasswordForgotTokenId` BINARY(32),
 3 |     IN `inAccountResetTokenId` BINARY(32),
 4 |     IN `inTokenData` BINARY(32),
 5 |     IN `inUid` BINARY(16),
 6 |     IN `inCreatedAt` BIGINT UNSIGNED
 7 | )
 8 | BEGIN
 9 |     DECLARE EXIT HANDLER FOR SQLEXCEPTION
10 |     BEGIN
11 |         -- ERROR
12 |         ROLLBACK;
13 |         RESIGNAL;
14 |     END;
15 | 
16 |     START TRANSACTION;
17 | 
18 |     -- Since we only ever want one accountResetToken per uid, then we
19 |     -- do a replace - generally due to a collision on the unique uid field.
20 |     REPLACE INTO accountResetTokens(
21 |         tokenId,
22 |         tokenData,
23 |         uid,
24 |         createdAt
25 |     )
26 |     VALUES(
27 |         inAccountResetTokenId,
28 |         inTokenData,
29 |         inUid,
30 |         inCreatedAt
31 |     );
32 | 
33 |     DELETE FROM passwordForgotTokens WHERE tokenId = inPasswordForgotTokenId;
34 | 
35 |     UPDATE accounts SET emailVerified = true WHERE uid = inUid;
36 |     UPDATE emails SET isVerified = true WHERE isPrimary = true AND uid = inUid;
37 | 
38 |     COMMIT;
39 | END;
40 | 
41 | UPDATE dbMetadata SET value = '53' WHERE name = 'schema-patch-level';
42 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-053-052.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `forgotPasswordVerified_7`;
2 | 
3 | -- UPDATE dbMetadata SET value = '52' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-054-053.sql:
--------------------------------------------------------------------------------
 1 | -- DROP PROCEDURE `accountEmails_4`;
 2 | -- DROP PROCEDURE `accountDevices_7`;
 3 | -- DROP PROCEDURE `accountExists_2`;
 4 | -- DROP PROCEDURE `consumeSigninCode_3`;
 5 | -- DROP PROCEDURE `createEmail_2`;
 6 | -- DROP PROCEDURE `deleteEmail_2`;
 7 | -- DROP PROCEDURE `keyFetchTokenWithVerificationStatus_2`;
 8 | -- DROP PROCEDURE `passwordChangeToken_3`;
 9 | -- DROP PROCEDURE `passwordForgotToken_2`;
10 | -- DROP PROCEDURE `sessionToken_4`;
11 | -- DROP PROCEDURE `sessionTokenWithVerificationStatus_3`;
12 | -- DROP PROCEDURE `sessionWithDevice_5`;
13 | 
14 | -- UPDATE dbMetadata SET value = '53' WHERE name = 'schema-patch-level';
15 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-054-055.sql:
--------------------------------------------------------------------------------
 1 | ALTER TABLE `signinCodes`
 2 | ADD COLUMN `flowId` BINARY(32),
 3 | ALGORITHM = INPLACE, LOCK = NONE;
 4 | 
 5 | CREATE PROCEDURE `createSigninCode_2` (
 6 |   IN `hashArg` BINARY(32),
 7 |   IN `uidArg` BINARY(16),
 8 |   IN `createdAtArg` BIGINT UNSIGNED,
 9 |   IN `flowIdArg` BINARY(32)
10 | )
11 | BEGIN
12 |   INSERT INTO signinCodes(hash, uid, createdAt, flowId)
13 |   VALUES(hashArg, uidArg, createdAtArg, flowIdArg);
14 | END;
15 | 
16 | CREATE PROCEDURE `consumeSigninCode_4` (
17 |   IN `hashArg` BINARY(32),
18 |   IN `newerThanArg` BIGINT UNSIGNED
19 | )
20 | BEGIN
21 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
22 |   BEGIN
23 |     ROLLBACK;
24 |     RESIGNAL;
25 |   END;
26 | 
27 |   START TRANSACTION;
28 | 
29 |   SELECT sc.flowId, e.email
30 |   FROM signinCodes AS sc
31 |   INNER JOIN emails AS e
32 |   ON sc.hash = hashArg
33 |   AND sc.createdAt > newerThanArg
34 |   AND sc.uid = e.uid
35 |   AND e.isPrimary = true;
36 | 
37 |   DELETE FROM signinCodes
38 |   WHERE hash = hashArg
39 |   AND createdAt > newerThanArg;
40 | 
41 |   COMMIT;
42 | END;
43 | 
44 | UPDATE dbMetadata SET value = '55' WHERE name = 'schema-patch-level';
45 | 
46 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-055-054.sql:
--------------------------------------------------------------------------------
 1 | --DROP PROCEDURE `consumeSigninCode_4`;
 2 | 
 3 | --DROP PROCEDURE `createSigninCode_2`;
 4 | 
 5 | --ALTER TABLE `signinCodes`
 6 | --DROP COLUMN `flowId`,
 7 | --ALGORITHM = INPLACE, LOCK = NONE;
 8 | 
 9 | --UPDATE dbMetadata SET value = '54' WHERE name = 'schema-patch-level';
10 | 
11 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-055-056.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `resetAccountTokens_1` (
 2 |   IN `uidArg` BINARY(16)
 3 | )
 4 | BEGIN
 5 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
 6 |   BEGIN
 7 |     ROLLBACK;
 8 |     RESIGNAL;
 9 |   END;
10 | 
11 |   START TRANSACTION;
12 | 
13 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
14 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
15 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
16 | 
17 |   COMMIT;
18 | END;
19 | 
20 | UPDATE dbMetadata SET value = '56' WHERE name = 'schema-patch-level';
21 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-056-055.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `resetAccountTokens_1`;
2 | 
3 | -- UPDATE dbMetadata SET value = '55' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-056-057.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `setPrimaryEmail_1` (
 2 |   IN `inUid` BINARY(16),
 3 |   IN `inNormalizedEmail` VARCHAR(255)
 4 | )
 5 | BEGIN
 6 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
 7 |   BEGIN
 8 |     ROLLBACK;
 9 |     RESIGNAL;
10 |   END;
11 | 
12 |   START TRANSACTION;
13 |      UPDATE emails SET isPrimary = false WHERE uid = inUid AND isPrimary = true;
14 |      UPDATE emails SET isPrimary = true WHERE uid = inUid AND isPrimary = false AND normalizedEmail = inNormalizedEmail;
15 | 
16 |      SELECT ROW_COUNT() INTO @updateCount;
17 |      IF @updateCount = 0 THEN
18 |         SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1062, MESSAGE_TEXT = 'Can not change email. Could not find email.';
19 |      END IF;
20 |   COMMIT;
21 | END;
22 | 
23 | CREATE PROCEDURE `accountRecord_1` (
24 |   IN `inEmail` VARCHAR(255)
25 | )
26 | BEGIN
27 |     SELECT
28 |         a.uid,
29 |         a.email,
30 |         a.normalizedEmail,
31 |         a.emailVerified,
32 |         a.emailCode,
33 |         a.kA,
34 |         a.wrapWrapKb,
35 |         a.verifierVersion,
36 |         a.verifyHash,
37 |         a.authSalt,
38 |         a.verifierSetAt,
39 |         e.normalizedEmail AS primaryEmail
40 |     FROM
41 |         accounts a,
42 |         emails e
43 |     WHERE
44 |         a.uid = (SELECT uid FROM emails WHERE normalizedEmail = LOWER(inEmail))
45 |     AND
46 |         a.uid = e.uid
47 |     AND
48 |         e.isPrimary = true;
49 | END;
50 | 
51 | UPDATE dbMetadata SET value = '57' WHERE name = 'schema-patch-level';
52 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-057-056.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `setPrimaryEmail_1`;
2 | -- DROP PROCEDURE `accountRecord_1`;
3 | 
4 | -- UPDATE dbMetadata SET value = '56' WHERE name = 'schema-patch-level';
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-057-058.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `accountRecord_2` (
 2 |   IN `inEmail` VARCHAR(255)
 3 | )
 4 | BEGIN
 5 |     SELECT
 6 |         a.uid,
 7 |         a.email,
 8 |         a.normalizedEmail,
 9 |         a.emailVerified,
10 |         a.emailCode,
11 |         a.kA,
12 |         a.wrapWrapKb,
13 |         a.verifierVersion,
14 |         a.authSalt,
15 |         a.verifierSetAt,
16 |         a.createdAt,
17 |         a.locale,
18 |         a.lockedAt,
19 |         e.normalizedEmail AS primaryEmail
20 |     FROM
21 |         accounts a,
22 |         emails e
23 |     WHERE
24 |         a.uid = (SELECT uid FROM emails WHERE normalizedEmail = LOWER(inEmail))
25 |     AND
26 |         a.uid = e.uid
27 |     AND
28 |         e.isPrimary = true;
29 | END;
30 | 
31 | UPDATE dbMetadata SET value = '58' WHERE name = 'schema-patch-level';
32 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-058-057.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `accountRecord_2`;
2 | 
3 | -- UPDATE dbMetadata SET value = '57' WHERE name = 'schema-patch-level';
4 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-059-058.sql:
--------------------------------------------------------------------------------
 1 | --DROP PROCEDURE `accountDevices_8`;
 2 | --DROP PROCEDURE `sessions_3`;
 3 | --DROP PROCEDURE `sessionWithDevice_6`;
 4 | --DROP PROCEDURE `sessionTokenWithVerificationStatus_4`;
 5 | --DROP PROCEDURE `sessionToken_5`;
 6 | --DROP PROCEDURE `createSessionToken_5`;
 7 | 
 8 | --ALTER TABLE `sessionTokens`
 9 | --DROP COLUMN `uaFormFactor`,
10 | --ALGORITHM = INPLACE, LOCK = NONE;
11 | 
12 | --UPDATE dbMetadata SET value = '58' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-059-060.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `createSessionToken_6` (
 2 |   IN `tokenId` BINARY(32),
 3 |   IN `tokenData` BINARY(32),
 4 |   IN `uid` BINARY(16),
 5 |   IN `createdAt` BIGINT UNSIGNED,
 6 |   IN `uaBrowser` VARCHAR(255),
 7 |   IN `uaBrowserVersion` VARCHAR(255),
 8 |   IN `uaOS` VARCHAR(255),
 9 |   IN `uaOSVersion` VARCHAR(255),
10 |   IN `uaDeviceType` VARCHAR(255),
11 |   IN `tokenVerificationId` BINARY(16),
12 |   IN `mustVerify` BOOLEAN
13 | )
14 | BEGIN
15 |   CALL createSessionToken_4(
16 |     tokenId,
17 |     tokenData,
18 |     uid,
19 |     createdAt,
20 |     uaBrowser,
21 |     uaBrowserVersion,
22 |     uaOS,
23 |     uaOSVersion,
24 |     uaDeviceType,
25 |     tokenVerificationId,
26 |     mustVerify
27 |   );
28 | END;
29 | 
30 | CREATE PROCEDURE `sessionToken_6` (
31 |   IN `tokenIdArg` BINARY(32)
32 | )
33 | BEGIN
34 |   CALL sessionToken_4(tokenIdArg);
35 | END;
36 | 
37 | CREATE PROCEDURE `sessionTokenWithVerificationStatus_5` (
38 |   IN `tokenIdArg` BINARY(32)
39 | )
40 | BEGIN
41 |   CALL sessionTokenWithVerificationStatus_3(tokenIdArg);
42 | END;
43 | 
44 | CREATE PROCEDURE `sessionWithDevice_7` (
45 |   IN `tokenIdArg` BINARY(32)
46 | )
47 | BEGIN
48 |   CALL sessionWithDevice_5(tokenIdArg);
49 | END;
50 | 
51 | CREATE PROCEDURE `sessions_4` (
52 |   IN `uidArg` BINARY(16)
53 | )
54 | BEGIN
55 |   CALL sessions_2(uidArg);
56 | END;
57 | 
58 | CREATE PROCEDURE `accountDevices_9` (
59 |   IN `uidArg` BINARY(16)
60 | )
61 | BEGIN
62 |   CALL accountDevices_7(uidArg);
63 | END;
64 | 
65 | ALTER TABLE `sessionTokens`
66 | DROP COLUMN `uaFormFactor`,
67 | ALGORITHM = INPLACE, LOCK = NONE;
68 | 
69 | UPDATE dbMetadata SET value = '60' WHERE name = 'schema-patch-level';
70 | 
71 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-060-059.sql:
--------------------------------------------------------------------------------
 1 | --DROP PROCEDURE `accountDevices_9`;
 2 | --DROP PROCEDURE `sessions_4`;
 3 | --DROP PROCEDURE `sessionWithDevice_7`;
 4 | --DROP PROCEDURE `sessionTokenWithVerificationStatus_5`;
 5 | --DROP PROCEDURE `sessionToken_6`;
 6 | --DROP PROCEDURE `createSessionToken_6`;
 7 | 
 8 | --ALTER TABLE `sessionTokens`
 9 | --ADD COLUMN `uaFormFactor` VARCHAR(255),
10 | --ALGORITHM = INPLACE, LOCK = NONE;
11 | 
12 | --UPDATE dbMetadata SET value = '59' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-061-060.sql:
--------------------------------------------------------------------------------
 1 | --DROP PROCEDURE `accountDevices_10`;
 2 | --DROP PROCEDURE `sessions_5`;
 3 | --DROP PROCEDURE `sessionWithDevice_8`;
 4 | --DROP PROCEDURE `sessionTokenWithVerificationStatus_6`;
 5 | --DROP PROCEDURE `sessionToken_7`;
 6 | --DROP PROCEDURE `createSessionToken_7`;
 7 | 
 8 | --ALTER TABLE `sessionTokens`
 9 | --DROP COLUMN `uaFormFactor`,
10 | --ALGORITHM = INPLACE, LOCK = NONE;
11 | 
12 | --UPDATE dbMetadata SET value = '60' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-061-062.sql:
--------------------------------------------------------------------------------
 1 | --  Update devices table to utf8mb4
 2 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 3 | 
 4 | ALTER DATABASE fxa CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;
 5 | 
 6 | ALTER TABLE devices ADD COLUMN nameUtf8 VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin AFTER name,
 7 | ALGORITHM = INPLACE, LOCK = NONE;
 8 | 
 9 | CREATE PROCEDURE `createDevice_3` (
10 |   IN `inUid` BINARY(16),
11 |   IN `inId` BINARY(16),
12 |   IN `inSessionTokenId` BINARY(32),
13 |   IN `inName` VARCHAR(255),
14 |   IN `inNameUtf8` VARCHAR(255),
15 |   IN `inType` VARCHAR(16),
16 |   IN `inCreatedAt` BIGINT UNSIGNED,
17 |   IN `inCallbackURL` VARCHAR(255),
18 |   IN `inCallbackPublicKey` CHAR(88),
19 |   IN `inCallbackAuthKey` CHAR(24)
20 | )
21 | BEGIN
22 |   INSERT INTO devices(
23 |     uid,
24 |     id,
25 |     sessionTokenId,
26 |     name,
27 |     nameUtf8,
28 |     type,
29 |     createdAt,
30 |     callbackURL,
31 |     callbackPublicKey,
32 |     callbackAuthKey
33 |   )
34 |   VALUES (
35 |     inUid,
36 |     inId,
37 |     inSessionTokenId,
38 |     inName,
39 |     inNameUtf8,
40 |     inType,
41 |     inCreatedAt,
42 |     inCallbackURL,
43 |     inCallbackPublicKey,
44 |     inCallbackAuthKey
45 |   );
46 | END;
47 | 
48 | CREATE PROCEDURE `updateDevice_3` (
49 |   IN `inUid` BINARY(16),
50 |   IN `inId` BINARY(16),
51 |   IN `inSessionTokenId` BINARY(32),
52 |   IN `inName` VARCHAR(255),
53 |   IN `inNameUtf8` VARCHAR(255),
54 |   IN `inType` VARCHAR(16),
55 |   IN `inCallbackURL` VARCHAR(255),
56 |   IN `inCallbackPublicKey` CHAR(88),
57 |   IN `inCallbackAuthKey` CHAR(24)
58 | )
59 | BEGIN
60 |   UPDATE devices
61 |   SET sessionTokenId = COALESCE(inSessionTokenId, sessionTokenId),
62 |     name = COALESCE(inName, name),
63 |     nameUtf8 = COALESCE(inNameUtf8, nameUtf8),
64 |     type = COALESCE(inType, type),
65 |     callbackURL = COALESCE(inCallbackURL, callbackURL),
66 |     callbackPublicKey = COALESCE(inCallbackPublicKey, callbackPublicKey),
67 |     callbackAuthKey = COALESCE(inCallbackAuthKey, callbackAuthKey)
68 |   WHERE uid = inUid AND id = inId;
69 | END;
70 | 
71 | UPDATE dbMetadata SET value = '62' WHERE name = 'schema-patch-level';
72 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-062-061.sql:
--------------------------------------------------------------------------------
1 | -- ALTER TABLE devices DROP COLUMN nameUtf8, ALGORITHM = INPLACE, LOCK = NONE;
2 | 
3 | -- -- Drop new stored procedures
4 | -- DROP PROCEDURE `createDevice_3`;
5 | -- DROP PROCEDURE `updateDevice_3`;
6 | 
7 | -- UPDATE dbMetadata SET value = '61' WHERE name = 'schema-patch-level';
8 | 
9 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-063-062.sql:
--------------------------------------------------------------------------------
 1 | --ALTER TABLE `devices`
 2 | --DROP COLUMN `callbackIsExpired`,
 3 | --ALGORITHM = INPLACE, LOCK = NONE;
 4 | 
 5 | -- -- Drop new stored procedures
 6 | -- DROP PROCEDURE `updateDevice_4`;
 7 | -- DROP PROCEDURE `sessionWithDevice_9`;
 8 | -- DROP PROCEDURE `sessions_6`;
 9 | -- DROP PROCEDURE `accountDevices_11`;
10 | -- DROP PROCEDURE `deviceFromTokenVerificationId_2`;
11 | 
12 | -- UPDATE dbMetadata SET value = '62' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-063-064.sql:
--------------------------------------------------------------------------------
 1 | CREATE PROCEDURE `prune_4` (IN `olderThan` BIGINT UNSIGNED)
 2 | BEGIN
 3 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
 4 |   BEGIN
 5 |     ROLLBACK;
 6 |     RESIGNAL;
 7 |   END;
 8 | 
 9 |   SELECT @lockAcquired := GET_LOCK('fxa-auth-server.prune-lock', 3);
10 | 
11 |   IF @lockAcquired THEN
12 |     DELETE FROM accountResetTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
13 |     DELETE FROM passwordForgotTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
14 |     DELETE FROM passwordChangeTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
15 |     DELETE FROM unblockCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
16 |     DELETE FROM signinCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
17 | 
18 |     START TRANSACTION;
19 | 
20 |     DELETE FROM sessionTokens
21 |     WHERE createdAt < olderThan
22 |     AND NOT EXISTS (
23 |       SELECT d.sessionTokenId
24 |       FROM devices AS d
25 |       WHERE d.sessionTokenId = sessionTokens.tokenId
26 |     )
27 |     ORDER BY createdAt
28 |     LIMIT 10000;
29 | 
30 |     DELETE ut
31 |     FROM unverifiedTokens AS ut
32 |     LEFT JOIN sessionTokens AS st
33 |       ON ut.tokenId = st.tokenId
34 |     WHERE st.tokenId IS NULL;
35 | 
36 |     COMMIT;
37 | 
38 |     SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
39 |   END IF;
40 | END;
41 | 
42 | UPDATE dbMetadata SET value = '64' WHERE name = 'schema-patch-level';
43 | 
44 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-064-063.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `prune_4`;
2 | 
3 | -- UPDATE dbMetadata SET value = '63' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-065-064.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `accountDevices_12`;
2 | -- DROP PROCEDURE `updateDevice_5`;
3 | -- DROP PROCEDURE `deviceFromTokenVerificationId_3`;
4 | -- DROP PROCEDURE `sessions_7`;
5 | -- DROP PROCEDURE `sessionWithDevice_10`;
6 | -- DROP PROCEDURE `createDevice_4`;
7 | 
8 | -- UPDATE dbMetadata SET value = '64' WHERE name = 'schema-patch-level';
9 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-065-066.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- Reinstate the code from prune_3
 4 | CREATE PROCEDURE `prune_5` (IN `olderThan` BIGINT UNSIGNED)
 5 | BEGIN
 6 |   SELECT @lockAcquired := GET_LOCK('fxa-auth-server.prune-lock', 3);
 7 | 
 8 |   IF @lockAcquired THEN
 9 |     DELETE FROM accountResetTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
10 |     DELETE FROM passwordForgotTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
11 |     DELETE FROM passwordChangeTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
12 |     DELETE FROM unblockCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
13 |     DELETE FROM signinCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
14 | 
15 |     SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
16 |   END IF;
17 | END;
18 | 
19 | UPDATE dbMetadata SET value = '66' WHERE name = 'schema-patch-level';
20 | 
21 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-066-065.sql:
--------------------------------------------------------------------------------
1 | -- DROP PROCEDURE `prune_5`;
2 | 
3 | -- UPDATE dbMetadata SET value = '65' WHERE name = 'schema-patch-level';
4 | 
5 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-066-067.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- Add an index on sessionTokens::createdAt to make pruning faster.
 4 | CREATE INDEX `sessionTokens_createdAt`
 5 | ON `sessionTokens` (`createdAt`)
 6 | ALGORITHM=INPLACE
 7 | LOCK=NONE;
 8 | 
 9 | -- Used to prevent session token pruning from doing a full table scan
10 | -- as it proceeds further and further through the (very long) backlog
11 | -- of pruning candidates.
12 | INSERT INTO dbMetadata (name, value)
13 | VALUES ('sessionTokensPrunedUntil', 0);
14 | 
15 | -- Update prune to delete sessionTokens and unverifiedTokens.
16 | CREATE PROCEDURE `prune_6` (IN `olderThan` BIGINT UNSIGNED)
17 | BEGIN
18 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
19 |   BEGIN
20 |     ROLLBACK;
21 |     RESIGNAL;
22 |   END;
23 | 
24 |   SELECT @lockAcquired := GET_LOCK('fxa-auth-server.prune-lock', 3);
25 | 
26 |   IF @lockAcquired THEN
27 |     DELETE FROM accountResetTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
28 |     DELETE FROM passwordForgotTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
29 |     DELETE FROM passwordChangeTokens WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
30 |     DELETE FROM unblockCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
31 |     DELETE FROM signinCodes WHERE createdAt < olderThan ORDER BY createdAt LIMIT 10000;
32 | 
33 |     -- Pruning session tokens is more complicated because we can't
34 |     -- prune them if there is an associated device record.
35 |     START TRANSACTION;
36 | 
37 |     -- Step 1: Find out how far we got on previous iterations.
38 |     SELECT @pruneFrom := value FROM dbMetadata WHERE name = 'sessionTokensPrunedUntil';
39 | 
40 |     -- Step 2: Find out how far we will get on this iteration.
41 |     SELECT @pruneUntil := MAX(createdAt) FROM (
42 |       SELECT createdAt FROM sessionTokens
43 |       WHERE createdAt >= @pruneFrom AND createdAt < olderThan
44 |       AND NOT EXISTS (
45 |         SELECT sessionTokenId FROM devices
46 |         WHERE uid = sessionTokens.uid
47 |         AND sessionTokenId = sessionTokens.tokenId
48 |       )
49 |       ORDER BY createdAt
50 |       LIMIT 10000
51 |     ) AS prunees;
52 | 
53 |     -- Step 3: Prune sessionTokens and unverifiedTokens.
54 |     DELETE st, ut
55 |     FROM sessionTokens AS st
56 |     LEFT JOIN unverifiedTokens AS ut
57 |     ON st.tokenId = ut.tokenId
58 |     WHERE st.createdAt > @pruneFrom
59 |     AND st.createdAt <= @pruneUntil
60 |     AND NOT EXISTS (
61 |       SELECT sessionTokenId FROM devices
62 |       WHERE uid = st.uid AND sessionTokenId = st.tokenId
63 |     );
64 | 
65 |     -- Step 4: Tell following iterations how far we got.
66 |     UPDATE dbMetadata
67 |     SET value = @pruneUntil
68 |     WHERE name = 'sessionTokensPrunedUntil';
69 | 
70 |     COMMIT;
71 | 
72 |     SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
73 |   END IF;
74 | END;
75 | 
76 | UPDATE dbMetadata SET value = '67' WHERE name = 'schema-patch-level';
77 | 
78 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-067-066.sql:
--------------------------------------------------------------------------------
 1 | -- DROP INDEX `sessionTokens_createdAt`
 2 | -- ON `sessionTokens`
 3 | -- ALGORITHM=INPLACE
 4 | -- LOCK=NONE;
 5 | 
 6 | -- DELETE FROM dbMetadata
 7 | -- WHERE name = 'sessionTokensPrunedUntil';
 8 | 
 9 | -- DROP PROCEDURE `prune_6`;
10 | 
11 | -- UPDATE dbMetadata SET value = '66' WHERE name = 'schema-patch-level';
12 | 
13 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-068-067.sql:
--------------------------------------------------------------------------------
 1 | -- DROP INDEX unverifiedTokens_tokenVerificationCodeHash_uid;
 2 | 
 3 | -- ALTER TABLE `unverifiedTokens`
 4 | -- DROP COLUMN `tokenVerificationCode` BINARY(32),
 5 | -- DROP COLUMN `tokenVerificationCodeExpiresAt` BIGINT UNSIGNED,
 6 | -- ALGORITHM = INPLACE, LOCK = NONE;
 7 | 
 8 | -- DROP PROCEDURE `sessionTokenWithVerificationStatus_7`;
 9 | -- DROP PROCEDURE `createSessionToken_8`;
10 | -- DROP PROCEDURE `verifyTokenCode_1`;
11 | 
12 | -- UPDATE dbMetadata SET value = '67' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-068-069.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- We might have gotten ourselves into a state where 'sessionTokensPrunedUntil'
 4 | -- was set to the empty string.  Start it over from zero.
 5 | UPDATE dbMetadata SET value = '0' WHERE name = 'sessionTokensPrunedUntil' AND value = '';
 6 | 
 7 | -- Update prune to limit total number of sessionTokens examined,
 8 | -- and avoid producing the above empty-string bug.
 9 | CREATE PROCEDURE `prune_7` (IN `olderThanArg` BIGINT UNSIGNED)
10 | BEGIN
11 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
12 |   BEGIN
13 |     ROLLBACK;
14 |     RESIGNAL;
15 |   END;
16 | 
17 |   SELECT @lockAcquired := GET_LOCK('fxa-auth-server.prune-lock', 3);
18 | 
19 |   IF @lockAcquired THEN
20 |     DELETE FROM accountResetTokens WHERE createdAt < olderThanArg ORDER BY createdAt LIMIT 10000;
21 |     DELETE FROM passwordForgotTokens WHERE createdAt < olderThanArg ORDER BY createdAt LIMIT 10000;
22 |     DELETE FROM passwordChangeTokens WHERE createdAt < olderThanArg ORDER BY createdAt LIMIT 10000;
23 |     DELETE FROM unblockCodes WHERE createdAt < olderThanArg ORDER BY createdAt LIMIT 10000;
24 |     DELETE FROM signinCodes WHERE createdAt < olderThanArg ORDER BY createdAt LIMIT 10000;
25 | 
26 |     -- Pruning session tokens is complicated because:
27 |     --   * we can't prune them if there is an associated device record, and
28 |     --   * we have to delete from both sessionTokens and unverifiedTokens tables, and
29 |     --   * MySQL won't allow `LIMIT` to be used in a multi-table delete.
30 |     -- To achieve all this in an efficient manner, we prune tokens within a specific
31 |     -- time window rather than using a `LIMIT` clause.  At the end of each run we
32 |     -- record the new lower-bound on creation time for tokens that might have expired.
33 |     START TRANSACTION;
34 | 
35 |     -- Step 1: Find out how far we got on previous iterations.
36 |     SELECT @pruneFrom := value FROM dbMetadata WHERE name = 'sessionTokensPrunedUntil';
37 | 
38 |     -- Step 2: Calculate what timestamp we will reach on this iteration
39 |     -- if we purge a sensibly-sized batch of tokens.
40 |     -- N.B. We deliberately do not filter on whether the token has
41 |     -- a device here.  We want to limit the number of tokens that we
42 |     -- *examine*, regardless of whether it actually delete them.
43 |     SELECT @pruneUntil := MAX(createdAt) FROM (
44 |       SELECT createdAt FROM sessionTokens
45 |       WHERE createdAt >= @pruneFrom AND createdAt < olderThanArg
46 |       ORDER BY createdAt
47 |       LIMIT 10000
48 |     ) AS candidatesForPruning;
49 | 
50 |     -- This will be NULL if there are no expired tokens,
51 |     -- in which case we have nothing to do.
52 |     IF @pruneUntil IS NOT NULL THEN
53 | 
54 |       -- Step 3: Prune sessionTokens and unverifiedTokens tables.
55 |       -- Here we *do* filter on whether a device record exists.
56 |       -- We might not actually delete any tokens, but we will definitely
57 |       -- be able to increase 'sessionTokensPrunedUntil' for the next run.
58 |       DELETE st, ut
59 |       FROM sessionTokens AS st
60 |       LEFT JOIN unverifiedTokens AS ut
61 |       ON st.tokenId = ut.tokenId
62 |       WHERE st.createdAt > @pruneFrom
63 |       AND st.createdAt <= @pruneUntil
64 |       AND NOT EXISTS (
65 |         SELECT sessionTokenId FROM devices
66 |         WHERE uid = st.uid AND sessionTokenId = st.tokenId
67 |       );
68 | 
69 |       -- Step 4: Tell following iterations how far we got.
70 |       UPDATE dbMetadata
71 |       SET value = @pruneUntil
72 |       WHERE name = 'sessionTokensPrunedUntil';
73 | 
74 |     END IF;
75 | 
76 |     COMMIT;
77 | 
78 |     SELECT RELEASE_LOCK('fxa-auth-server.prune-lock');
79 |   END IF;
80 | END;
81 | 
82 | UPDATE dbMetadata SET value = '69' WHERE name = 'schema-patch-level';
83 | 
84 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-069-068.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `prune_7`;
4 | 
5 | -- UPDATE dbMetadata SET value = '68' WHERE name = 'schema-patch-level';
6 | 
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-069-070.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- Return the sessionToken id from deleteDevice
 4 | -- so the auth server can remove it from Redis
 5 | CREATE PROCEDURE `deleteDevice_3` (
 6 |   IN `uidArg` BINARY(16),
 7 |   IN `idArg` BINARY(16)
 8 | )
 9 | BEGIN
10 |   SELECT devices.sessionTokenId FROM devices
11 |   WHERE devices.uid = uidArg AND devices.id = idArg;
12 | 
13 |   DELETE devices, sessionTokens, unverifiedTokens
14 |   FROM devices
15 |   LEFT JOIN sessionTokens
16 |     ON devices.sessionTokenId = sessionTokens.tokenId
17 |   LEFT JOIN unverifiedTokens
18 |     ON sessionTokens.tokenId = unverifiedTokens.tokenId
19 |   WHERE devices.uid = uidArg
20 |     AND devices.id = idArg;
21 | END;
22 | 
23 | UPDATE dbMetadata SET value = '70' WHERE name = 'schema-patch-level';
24 | 
25 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-070-069.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `deleteDevice_3`;
4 | 
5 | -- UPDATE dbMetadata SET value = '69' WHERE name = 'schema-patch-level';
6 | 
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-070-071.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE TABLE IF NOT EXISTS totp (
 4 |   uid BINARY(16) NOT NULL,
 5 |   sharedSecret VARCHAR(80) NOT NULL,
 6 |   epoch BIGINT NOT NULL,
 7 |   createdAt BIGINT UNSIGNED NOT NULL,
 8 |   UNIQUE KEY (`uid`)
 9 | ) ENGINE=InnoDB;
10 | 
11 | CREATE PROCEDURE `createTotpToken_1` (
12 |   IN `uidArg` BINARY(16),
13 |   IN `sharedSecretArg` VARCHAR(80),
14 |   IN `epochArg` BIGINT UNSIGNED,
15 |   IN `createdAtArg` BIGINT UNSIGNED
16 | )
17 | BEGIN
18 | 
19 |   INSERT INTO totp(
20 |     uid,
21 |     sharedSecret,
22 |     epoch,
23 |     createdAt
24 |   )
25 |   VALUES(
26 |     uidArg,
27 |     sharedSecretArg,
28 |     epochArg,
29 |     createdAtArg
30 |   );
31 | 
32 | END;
33 | 
34 | CREATE PROCEDURE `totpToken_1` (
35 |   IN `uidArg` BINARY(16)
36 | )
37 | BEGIN
38 | 
39 |   SELECT sharedSecret, epoch FROM totp WHERE uid = uidArg;
40 | 
41 | END;
42 | 
43 | CREATE PROCEDURE `deleteTotpToken_1` (
44 |   IN `uidArg` BINARY(16)
45 | )
46 | BEGIN
47 | 
48 |   DELETE FROM totp WHERE uid = uidArg;
49 | 
50 | END;
51 | 
52 | CREATE PROCEDURE `deleteAccount_14` (
53 |   IN `uidArg` BINARY(16)
54 | )
55 | BEGIN
56 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
57 |   BEGIN
58 |     ROLLBACK;
59 |     RESIGNAL;
60 |   END;
61 | 
62 |   START TRANSACTION;
63 | 
64 |   DELETE FROM sessionTokens WHERE uid = uidArg;
65 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
66 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
67 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
68 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
69 |   DELETE FROM accounts WHERE uid = uidArg;
70 |   DELETE FROM devices WHERE uid = uidArg;
71 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
72 |   DELETE FROM unblockCodes WHERE uid = uidArg;
73 |   DELETE FROM emails WHERE uid = uidArg;
74 |   DELETE FROM signinCodes WHERE uid = uidArg;
75 |   DELETE FROM totp WHERE uid = uidArg;
76 | 
77 |   COMMIT;
78 | END;
79 | 
80 | UPDATE dbMetadata SET value = '71' WHERE name = 'schema-patch-level';
81 | 
82 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-071-070.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP PROCEDURE `createTotpToken_1`;
 4 | -- DROP PROCEDURE `totpToken_1`;
 5 | -- DROP PROCEDURE `deleteTotpToken_1`;
 6 | -- DROP PROCEDURE `deleteAccount_14`;
 7 | 
 8 | -- UPDATE dbMetadata SET value = '70' WHERE name = 'schema-patch-level';
 9 | 
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-072-071.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | --
 4 | -- ALTER TABLE `sessionTokens` DROP COLUMN `authAt`,
 5 | -- ALGORITHM = INPLACE, LOCK = NONE;
 6 | --
 7 | -- DROP PROCEDURE `updateSessionToken_2`;
 8 | -- DROP PROCEDURE `sessionToken_8`;
 9 | -- DROP PROCEDURE `sessionTokenWithVerificationStatus_8`;
10 | -- DROP PROCEDURE `sessionWithDevice_11`;
11 | -- DROP PROCEDURE `sessions_8`;
12 | 
13 | -- UPDATE dbMetadata SET value = '71' WHERE name = 'schema-patch-level';
14 | 
15 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-073-072.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- ALTER TABLE `totp`
 4 | -- DROP COLUMN `verified`,
 5 | -- DROP COLUMN `enabled`
 6 | -- ALGORITHM = INPLACE, LOCK = NONE;
 7 | 
 8 | -- ALTER TABLE `sessionTokens`
 9 | -- DROP COLUMN `verificationMethod`,
10 | -- DROP COLUMN `verifiedAt`,
11 | -- DROP COLUMN `mustVerify`
12 | -- ALGORITHM = INPLACE, LOCK = NONE;
13 | 
14 | -- DROP PROCEDURE `totpToken_2`;
15 | -- DROP PROCEDURE `updateTotpToken_1`;
16 | -- DROP PROCEDURE `verifyTokensWithMethod_1`;
17 | -- DROP PROCEDURE `sessionWithDevice_12`;
18 | -- DROP PROCEDURE `createSessionToken_9`;
19 | -- DROP PROCEDURE `updateSessionToken_3`;
20 | 
21 | -- UPDATE dbMetadata SET value = '72' WHERE name = 'schema-patch-level';
22 | 
23 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-074-073.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP TABLE `deviceCapabilities`;
 4 | 
 5 | -- DROP PROCEDURE `addCapability_1`;
 6 | -- DROP PROCEDURE `purgeCapabilities_1`;
 7 | -- DROP PROCEDURE `accountDevices_13`;
 8 | -- DROP PROCEDURE `deviceFromTokenVerificationId_4`;
 9 | -- DROP PROCEDURE `sessionWithDevice_13`;
10 | -- DROP PROCEDURE `sessions_9`;
11 | 
12 | -- UPDATE dbMetadata SET value = '73' WHERE name = 'schema-patch-level';
13 | 
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-074-075.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE TABLE IF NOT EXISTS recoveryCodes (
 4 |   uid BINARY(16) NOT NULL,
 5 |   codeHash BINARY(64) NOT NULL,
 6 |   createdAt BIGINT UNSIGNED NOT NULL,
 7 |   UNIQUE KEY (`uid`, `codeHash`)
 8 | ) ENGINE=InnoDB;
 9 | 
10 | CREATE PROCEDURE `deleteRecoveryCodes_1` (
11 |   IN `uidArg` BINARY(16)
12 | )
13 | BEGIN
14 | 
15 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
16 |   BEGIN
17 |     ROLLBACK;
18 |     RESIGNAL;
19 |   END;
20 | 
21 |   START TRANSACTION;
22 | 
23 |   SET @accountCount = 0;
24 | 
25 |   -- Signal error if no user found
26 |   SELECT COUNT(*) INTO @accountCount FROM `accounts` WHERE `uid` = `uidArg`;
27 |   IF @accountCount = 0 THEN
28 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Can not generate recovery codes for unknown user.';
29 |   END IF;
30 | 
31 |   -- Delete all current recovery codes
32 |   DELETE FROM `recoveryCodes` WHERE `uid` = `uidArg`;
33 | 
34 |   COMMIT;
35 | END;
36 | 
37 | CREATE PROCEDURE `createRecoveryCode_1` (
38 |   IN `uidArg` BINARY(16),
39 |   IN `codeHashArg` BINARY(64)
40 | )
41 | BEGIN
42 | 
43 |   INSERT INTO recoveryCodes (uid, codeHash, createdAt) VALUES (uidArg, codeHashArg, NOW());
44 | 
45 | END;
46 | 
47 | CREATE PROCEDURE `consumeRecoveryCode_1` (
48 |   IN `uidArg` BINARY(16),
49 |   IN `codeHashArg` BINARY(64)
50 | )
51 | BEGIN
52 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
53 |   BEGIN
54 |     ROLLBACK;
55 |     RESIGNAL;
56 |   END;
57 | 
58 |   START TRANSACTION;
59 | 
60 |   SET @deletedCount = 0;
61 | 
62 |   DELETE FROM `recoveryCodes` WHERE `uid` = `uidArg` AND `codeHash` = `codeHashArg`;
63 | 
64 |   SELECT ROW_COUNT() INTO @deletedCount;
65 |   IF @deletedCount = 0 THEN
66 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Unknown recovery code.';
67 |   END IF;
68 | 
69 |   SELECT COUNT(*) AS count FROM `recoveryCodes` WHERE `uid` = `uidArg`;
70 | 
71 |   COMMIT;
72 | END;
73 | 
74 | UPDATE dbMetadata SET value = '75' WHERE name = 'schema-patch-level';


--------------------------------------------------------------------------------
/lib/db/schema/patch-075-074.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP TABLE recoveryCodes;
 4 | -- DROP PROCEDURE deleteRecoveryCodes_1;
 5 | -- DROP PROCEDURE createRecoveryCode_1;
 6 | -- DROP PROCEDURE consumeRecoveryCode_1;
 7 | 
 8 | -- UPDATE dbMetadata SET value = '74' WHERE name = 'schema-patch-level';
 9 | 
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-075-076.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE PROCEDURE `verifyTokensWithMethod_2` (
 4 |   IN `tokenIdArg` BINARY(32),
 5 |   IN `verificationMethodArg` INT,
 6 |   IN `verifiedAtArg` BIGINT(1)
 7 | )
 8 | BEGIN
 9 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
10 |   BEGIN
11 |     ROLLBACK;
12 |     RESIGNAL;
13 |   END;
14 | 
15 |   START TRANSACTION;
16 |     -- Update session verification methods
17 |     UPDATE `sessionTokens` SET verificationMethod = verificationMethodArg, verifiedAt = verifiedAtArg
18 |     WHERE tokenId = tokenIdArg;
19 | 
20 |     SET @updateCount = (SELECT ROW_COUNT());
21 | 
22 |     -- Get the tokenVerificationId and uid for session
23 |     SET @tokenVerificationId = NULL;
24 |     SET @uid = NULL;
25 |     SELECT tokenVerificationId, uid INTO @tokenVerificationId, @uid FROM `unverifiedTokens`
26 |     WHERE tokenId = tokenIdArg;
27 | 
28 |     -- Verify tokens with tokenVerificationId
29 |     CALL verifyToken_3(@tokenVerificationId, @uid);
30 |   COMMIT;
31 | 
32 |   SELECT @updateCount;
33 | END;
34 | 
35 | UPDATE dbMetadata SET value = '76' WHERE name = 'schema-patch-level';
36 | 
37 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-076-075.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE verifyTokensWithMethod_2;
4 | 
5 | -- UPDATE dbMetadata SET value = '75' WHERE name = 'schema-patch-level';
6 | 
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-076-077.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE PROCEDURE `consumeUnblockCode_2` (
 4 |     inUid BINARY(16),
 5 |     inCodeHash BINARY(32)
 6 | )
 7 | BEGIN
 8 |     DECLARE timestamp BIGINT;
 9 |     SET @timestamp = (
10 |         SELECT createdAt FROM unblockCodes
11 |         WHERE
12 |             uid = inUid
13 |         AND
14 |             unblockCodeHash = inCodeHash
15 |     );
16 | 
17 |     DELETE FROM unblockCodes
18 |     WHERE
19 |         uid = inUid;
20 | 
21 |     SELECT @timestamp AS createdAt;
22 | END;
23 | 
24 | UPDATE dbMetadata SET value = '77' WHERE name = 'schema-patch-level';
25 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-077-076.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `consumeUnblockCode_2`;
4 | 
5 | -- UPDATE dbMetadata SET value = '76' WHERE name = 'schema-patch-level';
6 | 
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-077-078.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE PROCEDURE `consumeUnblockCode_3` (
 4 |     inUid BINARY(16),
 5 |     inCodeHash BINARY(32)
 6 | )
 7 | BEGIN
 8 |     DECLARE timestamp BIGINT;
 9 | 
10 |     SET @timestamp = (
11 |         SELECT createdAt FROM unblockCodes
12 |         WHERE
13 |             uid = inUid
14 |         AND
15 |             unblockCodeHash = inCodeHash
16 |     );
17 | 
18 |     IF @timestamp > 0 THEN
19 |         DELETE FROM unblockCodes
20 |         WHERE
21 |             uid = inUid;
22 |     END IF;
23 | 
24 |     SELECT @timestamp AS createdAt;
25 | END;
26 | 
27 | UPDATE dbMetadata SET value = '78' WHERE name = 'schema-patch-level';
28 | 
29 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-078-077.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `consumeUnblockCode_3`;
4 | 
5 | -- UPDATE dbMetadata SET value = '77' WHERE name = 'schema-patch-level';
6 | 
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-078-079.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- Since we are altering the size of the `codeHash` column
 4 | -- we need to make sure that the column is empty before it can be applied
 5 | DELETE from recoveryCodes;
 6 | 
 7 | ALTER TABLE recoveryCodes MODIFY COLUMN codeHash BINARY(32);
 8 | 
 9 | ALTER TABLE recoveryCodes ADD COLUMN salt BINARY(32);
10 | 
11 | CREATE PROCEDURE `recoveryCodes_1` (
12 |   IN `uidArg` BINARY(16)
13 | )
14 | BEGIN
15 | 
16 |   SELECT * FROM recoveryCodes WHERE uid = uidArg;
17 | 
18 | END;
19 | 
20 | CREATE PROCEDURE `consumeRecoveryCode_2` (
21 |   IN `uidArg` BINARY(16),
22 |   IN `codeHashArg` BINARY(32)
23 | )
24 | BEGIN
25 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
26 |   BEGIN
27 |     ROLLBACK;
28 |     RESIGNAL;
29 |   END;
30 | 
31 |   START TRANSACTION;
32 | 
33 |   SET @deletedCount = 0;
34 | 
35 |   DELETE FROM `recoveryCodes` WHERE `uid` = `uidArg` AND `codeHash` = `codeHashArg`;
36 | 
37 |   SELECT ROW_COUNT() INTO @deletedCount;
38 |   IF @deletedCount = 0 THEN
39 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Unknown recovery code.';
40 |   END IF;
41 | 
42 |   SELECT COUNT(*) AS count FROM `recoveryCodes` WHERE `uid` = `uidArg`;
43 | 
44 |   COMMIT;
45 | END;
46 | 
47 | CREATE PROCEDURE `createRecoveryCode_2` (
48 |   IN `uidArg` BINARY(16),
49 |   IN `codeHashArg` BINARY(32),
50 |   IN `saltArg` BINARY(32)
51 | )
52 | BEGIN
53 | 
54 |   INSERT INTO recoveryCodes (uid, codeHash, salt, createdAt) VALUES (uidArg, codeHashArg, saltArg, NOW());
55 | 
56 | END;
57 | 
58 | UPDATE dbMetadata SET value = '79' WHERE name = 'schema-patch-level';
59 | 
60 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-079-078.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- ALTER TABLE recoveryCodes MODIFY COLUMN codeHash BINARY(64),
 4 | -- ALGORITHM = COPY, LOCK = SHARED;
 5 | -- ALTER TABLE recoveryCodes DROP COLUMN salt BINARY(32),
 6 | -- ALGORITHM = COPY, LOCK = SHARED;
 7 | -- DROP recoveryCodes_1;
 8 | -- DROP consumeRecoveryCode_2;
 9 | -- DROP createRecoveryCode_2;
10 | 
11 | -- UPDATE dbMetadata SET value = '78' WHERE name = 'schema-patch-level';
12 | 
13 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-079-080.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- createdAt value is never returned to the user and not used internally
 4 | 
 5 | ALTER TABLE recoveryCodes DROP COLUMN createdAt;
 6 | 
 7 | CREATE PROCEDURE `createRecoveryCode_3` (
 8 |   IN `uidArg` BINARY(16),
 9 |   IN `codeHashArg` BINARY(32),
10 |   IN `saltArg` BINARY(32)
11 | )
12 | BEGIN
13 | 
14 |   INSERT INTO recoveryCodes (uid, codeHash, salt) VALUES (uidArg, codeHashArg, saltArg);
15 | 
16 | END;
17 | 
18 | UPDATE dbMetadata SET value = '80' WHERE name = 'schema-patch-level';
19 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-080-079.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `createRecoveryCode_3`;
4 | -- ALTER TABLE  recoveryCodes ADD createdAt BIGINT UNSIGNED NOT NULL;
5 | 
6 | -- UPDATE dbMetadata SET value = '79' WHERE name = 'schema-patch-level';
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-080-081.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE TABLE IF NOT EXISTS recoveryKeys (
 4 |   uid BINARY(16) NOT NULL PRIMARY KEY,
 5 |   recoveryKeyId BINARY(64) NOT NULL,
 6 |   recoveryData TEXT
 7 | ) ENGINE=InnoDB;
 8 | 
 9 | CREATE PROCEDURE `createRecoveryKey_1` (
10 |   IN `uidArg` BINARY(16),
11 |   IN `recoveryKeyIdArg` BINARY(64),
12 |   IN `recoveryDataArg` TEXT
13 | )
14 | BEGIN
15 | 
16 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
17 |   BEGIN
18 |     ROLLBACK;
19 |     RESIGNAL;
20 |   END;
21 | 
22 |   START TRANSACTION;
23 | 
24 |   SET @accountCount = 0;
25 | 
26 |   -- Signal error if no user found
27 |   SELECT COUNT(*) INTO @accountCount FROM `accounts` WHERE `uid` = `uidArg`;
28 |   IF @accountCount = 0 THEN
29 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Can not create recovery key for unknown user.';
30 |   END IF;
31 | 
32 |   INSERT INTO recoveryKeys (uid, recoveryKeyId, recoveryData) VALUES (uidArg, recoveryKeyIdArg, recoveryDataArg);
33 | 
34 |   COMMIT;
35 | END;
36 | 
37 | CREATE PROCEDURE `getRecoveryKey_1` (
38 |   IN `uidArg` BINARY(16),
39 |   IN `recoveryKeyIdArg` BINARY(64)
40 | )
41 | BEGIN
42 | 
43 |   SELECT recoveryKeyId, recoveryData FROM recoveryKeys WHERE uid = uidArg AND recoveryKeyId = recoveryKeyIdArg;
44 | 
45 | END;
46 | 
47 | CREATE PROCEDURE `deleteRecoveryKey_1` (
48 |   IN `uidArg` BINARY(16),
49 |   IN `recoveryKeyIdArg` BINARY(64)
50 | )
51 | BEGIN
52 | 
53 |   DELETE FROM recoveryKeys WHERE uid = uidArg AND recoveryKeyId = recoveryKeyIdArg;
54 | 
55 | END;
56 | 
57 | UPDATE dbMetadata SET value = '81' WHERE name = 'schema-patch-level';
58 | 
59 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-081-080.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP TABLE `recoveryKeys`;
 4 | -- DROP PROCEDURE `createRecoveryKey_1`;
 5 | -- DROP PROCEDURE `getRecoveryKey_1`;
 6 | -- DROP PROCEDURE `deleteRecoveryKey_1`;
 7 | 
 8 | -- UPDATE dbMetadata SET value = '80' WHERE name = 'schema-patch-level';
 9 | 
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-082-081.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP TABLE deviceCommandIdentifiers;
 4 | -- DROP TABLE deviceCommands;
 5 | 
 6 | -- DROP PROCEDURE upsertAvailableCommand_1;
 7 | -- DROP PROCEDURE purgeAvailableCommands_1;
 8 | -- DROP PROCEDURE accountDevices_14;
 9 | -- DROP PROCEDURE device_1;
10 | -- DROP PROCEDURE deviceFromTokenVerificationId_5;
11 | -- DROP PROCEDURE sessionWithDevice_14;
12 | -- DROP PROCEDURE sessions_10;
13 | 
14 | -- UPDATE dbMetadata SET value = '81' WHERE name = 'schema-patch-level';
15 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-082-083.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CREATE PROCEDURE `assertPatchLevel` (
 4 |   IN `requiredLevel` TEXT
 5 | )
 6 | BEGIN
 7 |   SELECT @currentPatchLevel := value FROM dbMetadata WHERE name = 'schema-patch-level';
 8 |   IF @currentPatchLevel != requiredLevel THEN
 9 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Missing migration detected';
10 |   END IF;
11 | END;
12 | 
13 | UPDATE dbMetadata SET value = '83' WHERE name = 'schema-patch-level';
14 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-083-082.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `assertPatchLevel`;
4 | 
5 | -- UPDATE dbMetadata SET value = '82' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-083-084.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CALL assertPatchLevel('83');
 4 | 
 5 | -- Since we are altering the size of the `recoveryKeyId` column
 6 | -- we need to make sure that the column is empty before it can be applied.
 7 | -- This table is ok to clear at this point because no user facing api
 8 | -- has landed to create recovery keys.
 9 | DELETE from recoveryKeys;
10 | 
11 | ALTER TABLE recoveryKeys MODIFY COLUMN recoveryKeyId BINARY(16);
12 | 
13 | CREATE PROCEDURE `createRecoveryKey_2` (
14 |   IN `uidArg` BINARY(16),
15 |   IN `recoveryKeyIdArg` BINARY(16),
16 |   IN `recoveryDataArg` TEXT
17 | )
18 | BEGIN
19 | 
20 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
21 |   BEGIN
22 |     ROLLBACK;
23 |     RESIGNAL;
24 |   END;
25 | 
26 |   START TRANSACTION;
27 | 
28 |   SET @accountCount = 0;
29 | 
30 |   -- Signal error if no user found
31 |   SELECT COUNT(*) INTO @accountCount FROM `accounts` WHERE `uid` = `uidArg`;
32 |   IF @accountCount = 0 THEN
33 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Can not create recovery key for unknown user.';
34 |   END IF;
35 | 
36 |   INSERT INTO recoveryKeys (uid, recoveryKeyId, recoveryData) VALUES (uidArg, recoveryKeyIdArg, recoveryDataArg);
37 | 
38 |   COMMIT;
39 | END;
40 | 
41 | CREATE PROCEDURE `getRecoveryKey_2` (
42 |   IN `uidArg` BINARY(16)
43 | )
44 | BEGIN
45 | 
46 |   SELECT recoveryKeyId, recoveryData FROM recoveryKeys WHERE uid = uidArg;
47 | 
48 | END;
49 | 
50 | CREATE PROCEDURE `deleteRecoveryKey_2` (
51 |   IN `uidArg` BINARY(16)
52 | )
53 | BEGIN
54 | 
55 |   DELETE FROM recoveryKeys WHERE uid = uidArg;
56 | 
57 | END;
58 | 
59 | UPDATE dbMetadata SET value = '84' WHERE name = 'schema-patch-level';


--------------------------------------------------------------------------------
/lib/db/schema/patch-084-083.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- ALTER TABLE recoveryKeys MODIFY COLUMN recoveryKeyId BINARY(64),
 4 | -- ALGORITHM = COPY, LOCK = SHARED;
 5 | -- DROP PROCEDURE createRecoveryKey_2;
 6 | -- DROP PROCEDURE getRecoveryKey_2;
 7 | -- DROP PROCEDURE deleteRecoveryKey_2;
 8 | 
 9 | -- UPDATE dbMetadata SET value = '83' WHERE name = 'schema-patch-level';
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-085-084.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP PROCEDURE accountDevices_15;
 4 | -- DROP PROCEDURE device_2;
 5 | -- DROP PROCEDURE deviceFromTokenVerificationId_6;
 6 | -- DROP PROCEDURE sessionWithDevice_15;
 7 | -- DROP PROCEDURE sessions_11;
 8 | 
 9 | -- UPDATE dbMetadata SET value = '84' WHERE name = 'schema-patch-level';
10 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-085-086.sql:
--------------------------------------------------------------------------------
 1 | -- This migration updates recoveryKey table to store a hashed value of
 2 | -- the `recoveryKeyId` instead of the raw value. As part of this migration,
 3 | -- we will remove all existing recoveryKeys. This will help to ensure a consistent
 4 | -- migration.
 5 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 6 | 
 7 | CALL assertPatchLevel('85');
 8 | 
 9 | DELETE FROM recoveryKeys;
10 | 
11 | -- We can drop this since we will be using the `recoveryKeyIdHash`
12 | -- column instead.
13 | ALTER TABLE recoveryKeys DROP COLUMN recoveryKeyId,
14 | ALGORITHM = INPLACE, LOCK = NONE;
15 | 
16 | ALTER TABLE recoveryKeys ADD COLUMN recoveryKeyIdHash BINARY(32) NOT NULL,
17 | ALGORITHM = INPLACE, LOCK = NONE;
18 | 
19 | -- If we are in the process of a rollout and a user calls `createRecoveryKey_2`
20 | -- then that request will fail. But that is ok since the previous create
21 | -- procedure would have put the raw recoveryKeyId in database, which
22 | -- would not work anyways.
23 | CREATE PROCEDURE `createRecoveryKey_3` (
24 |   IN `uidArg` BINARY(16),
25 |   IN `recoveryKeyIdHashArg` BINARY(32),
26 |   IN `recoveryDataArg` TEXT
27 | )
28 | BEGIN
29 | 
30 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
31 |   BEGIN
32 |     ROLLBACK;
33 |     RESIGNAL;
34 |   END;
35 | 
36 |   START TRANSACTION;
37 | 
38 |   SET @accountCount = 0;
39 | 
40 |   -- Signal error if no user found
41 |   SELECT COUNT(*) INTO @accountCount FROM `accounts` WHERE `uid` = `uidArg`;
42 |   IF @accountCount = 0 THEN
43 |     SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Can not create recovery key for unknown user.';
44 |   END IF;
45 | 
46 |   INSERT INTO recoveryKeys (uid, recoveryKeyIdHash, recoveryData) VALUES (uidArg, recoveryKeyIdHashArg, recoveryDataArg);
47 | 
48 |   COMMIT;
49 | END;
50 | 
51 | CREATE PROCEDURE `getRecoveryKey_3` (
52 |   IN `uidArg` BINARY(16)
53 | )
54 | BEGIN
55 | 
56 |   SELECT recoveryKeyIdHash, recoveryData FROM recoveryKeys WHERE uid = uidArg;
57 | 
58 | END;
59 | 
60 | UPDATE dbMetadata SET value = '86' WHERE name = 'schema-patch-level';
61 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-086-085.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- ALTER TABLE `recoveryKeys`
 4 | -- ADD COLUMN recoveryKeyId
 5 | -- ALGORITHM = INPLACE, LOCK = NONE;
 6 | 
 7 | -- ALTER TABLE `recoveryKeys`
 8 | -- DROP COLUMN recoveryKeyIdHash
 9 | -- ALGORITHM = INPLACE, LOCK = NONE;
10 | 
11 | -- DROP PROCEDURE createRecoveryKey_3;
12 | -- DROP PROCEDURE getRecoveryKey_3;
13 | 
14 | -- UPDATE dbMetadata SET value = '85' WHERE name = 'schema-patch-level';
15 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-087-086.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- ALTER TABLE accounts DROP COLUMN profileChangedAt, ALGORITHM = INPLACE, LOCK = NONE;
 4 | 
 5 | -- DROP PROCEDURE setPrimaryEmail_2;
 6 | -- DROP PROCEDURE verifyEmail_6;
 7 | -- DROP PROCEDURE deleteEmail_3;
 8 | -- DROP PROCEDURE deleteTotpToken_2;
 9 | -- DROP PROCEDURE updateTotpToken_2;
10 | -- DROP PROCEDURE resetAccount_9;
11 | 
12 | -- DROP PROCEDURE sessionWithDevice_16;
13 | -- DROP PROCEDURE account_4;
14 | -- DROP PROCEDURE accountRecord_3;
15 | 
16 | -- UPDATE dbMetadata SET value = '86' WHERE name = 'schema-patch-level';
17 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-087-088.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CALL assertPatchLevel('87');
 4 | 
 5 | CREATE PROCEDURE `deleteAccount_15` (
 6 |   IN `uidArg` BINARY(16)
 7 | )
 8 | BEGIN
 9 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
10 |   BEGIN
11 |     ROLLBACK;
12 |     RESIGNAL;
13 |   END;
14 | 
15 |   START TRANSACTION;
16 | 
17 |   DELETE FROM sessionTokens WHERE uid = uidArg;
18 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
19 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
20 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
21 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
22 |   DELETE FROM accounts WHERE uid = uidArg;
23 |   DELETE FROM devices WHERE uid = uidArg;
24 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
25 |   DELETE FROM unblockCodes WHERE uid = uidArg;
26 |   DELETE FROM emails WHERE uid = uidArg;
27 |   DELETE FROM signinCodes WHERE uid = uidArg;
28 |   DELETE FROM totp WHERE uid = uidArg;
29 |   DELETE FROM recoveryKeys WHERE uid = uidArg;
30 |   DELETE FROM recoveryCodes WHERE uid = uidArg;
31 |   DELETE FROM securityEvents WHERE uid = uidArg;
32 | 
33 |   COMMIT;
34 | END;
35 | 
36 | UPDATE dbMetadata SET value = '88' WHERE name = 'schema-patch-level';
37 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-088-087.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE deleteAccount_15;
4 | 
5 | -- UPDATE dbMetadata SET value = '87' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-088-089.sql:
--------------------------------------------------------------------------------
 1 | -- Add an index to walk signinCodes table by uid,
 2 | -- which is necessary when deleting an account.
 3 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 4 | 
 5 | CALL assertPatchLevel('88');
 6 | 
 7 | CREATE INDEX `signinCodes_uid`
 8 | ON `signinCodes` (`uid`)
 9 | ALGORITHM = INPLACE LOCK = NONE;
10 | 
11 | UPDATE dbMetadata SET value = '89' WHERE name = 'schema-patch-level';
12 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-089-088.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP INDEX `signinCodes_uid`
4 | -- ON `signinCodes`
5 | -- ALGORITHM=INPLACE, LOCK=NONE;
6 | 
7 | -- UPDATE dbMetadata SET value = '88' WHERE name = 'schema-patch-level';
8 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-089-090.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CALL assertPatchLevel('89');
 4 | 
 5 | CREATE PROCEDURE `verifyTokensWithMethod_3` (
 6 |   IN `tokenIdArg` BINARY(32),
 7 |   IN `verificationMethodArg` INT,
 8 |   IN `verifiedAtArg` BIGINT(1)
 9 | )
10 | BEGIN
11 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
12 |   BEGIN
13 |     ROLLBACK;
14 |     RESIGNAL;
15 |   END;
16 | 
17 |     -- Update session verification methods
18 |     UPDATE `sessionTokens` SET verificationMethod = verificationMethodArg, verifiedAt = verifiedAtArg
19 |     WHERE tokenId = tokenIdArg;
20 | 
21 | END;
22 | 
23 | CREATE PROCEDURE `verifyTokenCode_2` (
24 |   IN `tokenVerificationCodeHashArg` BINARY(32),
25 |   IN `uidArg` BINARY(16)
26 | )
27 | BEGIN
28 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
29 |   BEGIN
30 |     ROLLBACK;
31 |     RESIGNAL;
32 |   END;
33 | 
34 |   SET @tokenVerificationId = NULL;
35 |   SELECT tokenVerificationId INTO @tokenVerificationId FROM unverifiedTokens
36 |     WHERE uid = uidArg
37 |     AND tokenVerificationCodeHash = tokenVerificationCodeHashArg
38 |     AND tokenVerificationCodeExpiresAt >= (UNIX_TIMESTAMP(NOW(3)) * 1000);
39 | 
40 |   IF @tokenVerificationId IS NULL THEN
41 |     SET @expiredCount = 0;
42 |     SELECT COUNT(*) INTO @expiredCount FROM unverifiedTokens
43 |       WHERE uid = uidArg
44 |       AND tokenVerificationCodeHash = tokenVerificationCodeHashArg
45 |       AND tokenVerificationCodeExpiresAt < (UNIX_TIMESTAMP(NOW(3)) * 1000);
46 | 
47 |     IF @expiredCount > 0 THEN
48 |       SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 2101, MESSAGE_TEXT = 'Expired token verification code.';
49 |     END IF;
50 |   END IF;
51 | 
52 |   UPDATE securityEvents
53 |   SET verified = true
54 |   WHERE tokenVerificationId = @tokenVerificationId
55 |   AND uid = uidArg;
56 | 
57 |   DELETE FROM unverifiedTokens
58 |   WHERE tokenVerificationId = @tokenVerificationId
59 |   AND uid = uidArg;
60 | END;
61 | 
62 | UPDATE dbMetadata SET value = '90' WHERE name = 'schema-patch-level';
63 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-090-089.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE verifyTokensWithMethod_3;
4 | -- DROP PROCEDURE verifyTokenCode_2;
5 | 
6 | -- UPDATE dbMetadata SET value = '89' WHERE name = 'schema-patch-level';
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-091-090.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- ALTER TABLE accounts ADD COLUMN profileChangedAt BIGINT UNSIGNED DEFAULT NULL,
 4 | -- ALGORITHM = INPLACE, LOCK = NONE;
 5 | 
 6 | -- DROP PROCEDURE setPrimaryEmail_3;
 7 | -- DROP PROCEDURE verifyEmail_7;
 8 | -- DROP PROCEDURE deleteEmail_4;
 9 | -- DROP PROCEDURE deleteTotpToken_3;
10 | -- DROP PROCEDURE updateTotpToken_3;
11 | -- DROP PROCEDURE resetAccount_10;
12 | -- DROP PROCEDURE sessionWithDevice_17;
13 | -- DROP PROCEDURE accountRecord_4;
14 | -- DROP PROCEDURE account_5;
15 | 
16 | -- UPDATE dbMetadata SET value = '90' WHERE name = 'schema-patch-level';
17 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-091-092.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CALL assertPatchLevel('91');
 4 | 
 5 | -- Removes the LOWER(inUid) requirement on the WHERE clause
 6 | CREATE PROCEDURE `account_6` (
 7 |     IN `inUid` BINARY(16)
 8 | )
 9 | BEGIN
10 |     SELECT
11 |         a.uid,
12 |         a.email,
13 |         a.normalizedEmail,
14 |         a.emailVerified,
15 |         a.emailCode,
16 |         a.kA,
17 |         a.wrapWrapKb,
18 |         a.verifierVersion,
19 |         a.authSalt,
20 |         a.verifierSetAt,
21 |         a.createdAt,
22 |         a.locale,
23 |         a.lockedAt,
24 |         COALESCE(a.verifierSetAt, a.createdAt) AS profileChangedAt
25 |     FROM
26 |         accounts a
27 |     WHERE
28 |         a.uid = inUid
29 |     ;
30 | END;
31 | 
32 | -- Specify the email string encoding for `inEmail`. MySQL fails to use the
33 | -- correct index in subquery if this is not set.
34 | -- Ref: https://github.com/mozilla/fxa-auth-db-mysql/issues/440
35 | CREATE PROCEDURE `accountRecord_5` (
36 |   IN `inEmail` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin
37 | )
38 | BEGIN
39 |     SELECT
40 |         a.uid,
41 |         a.email,
42 |         a.normalizedEmail,
43 |         a.emailVerified,
44 |         a.emailCode,
45 |         a.kA,
46 |         a.wrapWrapKb,
47 |         a.verifierVersion,
48 |         a.authSalt,
49 |         a.verifierSetAt,
50 |         a.createdAt,
51 |         a.locale,
52 |         a.lockedAt,
53 |         COALESCE(a.verifierSetAt, a.createdAt) AS profileChangedAt,
54 |         e.normalizedEmail AS primaryEmail
55 |     FROM
56 |         accounts a,
57 |         emails e
58 |     WHERE
59 |         a.uid = (SELECT uid FROM emails WHERE normalizedEmail = LOWER(inEmail))
60 |     AND
61 |         a.uid = e.uid
62 |     AND
63 |         e.isPrimary = true;
64 | END;
65 | 
66 | UPDATE dbMetadata SET value = '92' WHERE name = 'schema-patch-level';
67 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-092-091.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE account_6;
4 | -- DROP PROCEDURE accountRecord_5;
5 | 
6 | -- UPDATE dbMetadata SET value = '91' WHERE name = 'schema-patch-level';
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-092-093.sql:
--------------------------------------------------------------------------------
 1 | -- This migration removes the use of `ROW_COUNT()` on the last
 2 | -- remaining procedures.
 3 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 4 | 
 5 | CALL assertPatchLevel('92');
 6 | 
 7 | -- Updated to not use `ROW_COUNT()`. The previous procedure used row count to ensure that
 8 | -- the uid actually owned the email specified.
 9 | CREATE PROCEDURE `setPrimaryEmail_4` (
10 |   IN `inUid` BINARY(16),
11 |   IN `inNormalizedEmail` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin
12 | )
13 | BEGIN
14 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
15 |   BEGIN
16 |     ROLLBACK;
17 |     RESIGNAL;
18 |   END;
19 | 
20 |   START TRANSACTION;
21 |     SELECT normalizedEmail INTO @foundEmail FROM emails WHERE uid = inUid AND normalizedEmail = inNormalizedEmail AND isVerified = false;
22 |     IF @foundEmail IS NOT NULL THEN
23 |      SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1643, MESSAGE_TEXT = 'Can not change email. Email is not verified.';
24 |     END IF;
25 | 
26 |     SELECT normalizedEmail INTO @foundEmail FROM emails WHERE uid = inUid AND normalizedEmail = inNormalizedEmail AND isVerified;
27 |     IF @foundEmail IS NULL THEN
28 |      SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1062, MESSAGE_TEXT = 'Can not change email. Could not find email.';
29 |     END IF;
30 | 
31 |     UPDATE emails SET isPrimary = false WHERE uid = inUid AND isPrimary = true;
32 |     UPDATE emails SET isPrimary = true WHERE uid = inUid AND isPrimary = false AND normalizedEmail = inNormalizedEmail;
33 |   COMMIT;
34 | END;
35 | 
36 | -- Updated to not use `ROW_COUNT()`. The previous procedure used row count to check to see
37 | -- if the given code was actually found. The new procedure moves the responsibility to `db.consumeRecoveryCode`
38 | -- where all recovery codes are retrieved and filtered to only the matching code.
39 | CREATE PROCEDURE `consumeRecoveryCode_3` (
40 |   IN `uidArg` BINARY(16),
41 |   IN `codeHashArg` BINARY(32)
42 | )
43 | BEGIN
44 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
45 |   BEGIN
46 |     ROLLBACK;
47 |     RESIGNAL;
48 |   END;
49 | 
50 |   START TRANSACTION;
51 | 
52 |   DELETE FROM `recoveryCodes` WHERE `uid` = `uidArg` AND `codeHash` = `codeHashArg`;
53 | 
54 |   SELECT COUNT(*) AS count FROM `recoveryCodes` WHERE `uid` = `uidArg`;
55 | 
56 |   COMMIT;
57 | END;
58 | 
59 | UPDATE dbMetadata SET value = '93' WHERE name = 'schema-patch-level';
60 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-093-092.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE setPrimaryEmail_4;
4 | -- DROP PROCEDURE consumeRecoveryCode_3;
5 | 
6 | -- UPDATE dbMetadata SET value = '92' WHERE name = 'schema-patch-level';
7 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-093-094.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CALL assertPatchLevel('93');
 4 | 
 5 | -- Removes the check for setting a primary email to an unverified email. The check
 6 | -- is currently having some unexpected behavior. This is safe to remove for now
 7 | -- because the check is performed in the auth-server before it sets the
 8 | -- new primary email.
 9 | -- Ref: https://github.com/mozilla/fxa-auth-server/blob/master/lib/routes/emails.js#L763
10 | CREATE PROCEDURE `setPrimaryEmail_5` (
11 |   IN `inUid` BINARY(16),
12 |   IN `inNormalizedEmail` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin
13 | )
14 | BEGIN
15 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
16 |   BEGIN
17 |     ROLLBACK;
18 |     RESIGNAL;
19 |   END;
20 | 
21 |   START TRANSACTION;
22 | 
23 |     SELECT normalizedEmail INTO @foundEmail FROM emails WHERE uid = inUid AND normalizedEmail = inNormalizedEmail AND isVerified;
24 |     IF @foundEmail IS NULL THEN
25 |      SIGNAL SQLSTATE '45000' SET MYSQL_ERRNO = 1062, MESSAGE_TEXT = 'Can not change email. Could not find email.';
26 |     END IF;
27 | 
28 |     UPDATE emails SET isPrimary = false WHERE uid = inUid AND isPrimary = true;
29 |     UPDATE emails SET isPrimary = true WHERE uid = inUid AND isPrimary = false AND normalizedEmail = inNormalizedEmail;
30 |   COMMIT;
31 | END;
32 | 
33 | UPDATE dbMetadata SET value = '94' WHERE name = 'schema-patch-level';
34 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-094-093.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE setPrimaryEmail_5;
4 | 
5 | -- UPDATE dbMetadata SET value = '93' WHERE name = 'schema-patch-level';
6 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-095-094.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- DROP PROCEDURE `sessionWithDevice_18`;
 4 | -- DROP PROCEDURE `account_7`;
 5 | -- DROP PROCEDURE `accountRecord_6`;
 6 | -- DROP PROCEDURE `resetAccount_11`;
 7 | -- DROP PROCEDURE `verifyEmail_8`;
 8 | -- DROP PROCEDURE `setPrimaryEmail_6`;
 9 | -- DROP PROCEDURE `deleteEmail_5`;
10 | -- DROP PROCEDURE `deleteTotpToken_4`;
11 | -- DROP PROCEDURE `updateTotpToken_4`;
12 | 
13 | -- ALTER TABLE accounts DROP COLUMN profileChangedAt, DROP COLUMN keysChangedAt;
14 | 
15 | -- UPDATE dbMetadata SET value = '94' WHERE name = 'schema-patch-level';
16 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-095-096.sql:
--------------------------------------------------------------------------------
 1 | SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | CALL assertPatchLevel('95');
 4 | 
 5 | -- In order for future migrations on the `devices` table to apply cleanly via migration
 6 | -- tooling, we need to drop `FOREIGN KEY` constraints on the `devices` table.  This
 7 | -- is a preparatory migration that adds explicit deletions in the places where we're
 8 | -- currently relying on `ON DELETE CASCADE`.  Once the new stored procedures are being
 9 | -- used, we'll be free to drop the FK constraints without the risk of missing any deletions.
10 | 
11 | CREATE PROCEDURE `deleteAccount_16` (
12 |   IN `uidArg` BINARY(16)
13 | )
14 | BEGIN
15 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
16 |   BEGIN
17 |     ROLLBACK;
18 |     RESIGNAL;
19 |   END;
20 | 
21 |   START TRANSACTION;
22 | 
23 |   DELETE FROM sessionTokens WHERE uid = uidArg;
24 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
25 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
26 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
27 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
28 |   DELETE FROM accounts WHERE uid = uidArg;
29 |   DELETE devices, deviceCommands FROM devices LEFT JOIN deviceCommands
30 |     ON (deviceCommands.uid = devices.uid AND deviceCommands.deviceId = devices.id)
31 |     WHERE devices.uid = uidArg;
32 |   DELETE FROM unverifiedTokens WHERE uid = uidArg;
33 |   DELETE FROM unblockCodes WHERE uid = uidArg;
34 |   DELETE FROM emails WHERE uid = uidArg;
35 |   DELETE FROM signinCodes WHERE uid = uidArg;
36 |   DELETE FROM totp WHERE uid = uidArg;
37 |   DELETE FROM recoveryKeys WHERE uid = uidArg;
38 |   DELETE FROM recoveryCodes WHERE uid = uidArg;
39 |   DELETE FROM securityEvents WHERE uid = uidArg;
40 | 
41 |   COMMIT;
42 | END;
43 | 
44 | CREATE PROCEDURE `resetAccount_12` (
45 |   IN `uidArg` BINARY(16),
46 |   IN `verifyHashArg` BINARY(32),
47 |   IN `authSaltArg` BINARY(32),
48 |   IN `wrapWrapKbArg` BINARY(32),
49 |   IN `verifierSetAtArg` BIGINT UNSIGNED,
50 |   IN `verifierVersionArg` TINYINT UNSIGNED
51 | )
52 | BEGIN
53 |   DECLARE EXIT HANDLER FOR SQLEXCEPTION
54 |   BEGIN
55 |     ROLLBACK;
56 |     RESIGNAL;
57 |   END;
58 | 
59 |   START TRANSACTION;
60 | 
61 |   DELETE FROM sessionTokens WHERE uid = uidArg;
62 |   DELETE FROM keyFetchTokens WHERE uid = uidArg;
63 |   DELETE FROM accountResetTokens WHERE uid = uidArg;
64 |   DELETE FROM passwordChangeTokens WHERE uid = uidArg;
65 |   DELETE FROM passwordForgotTokens WHERE uid = uidArg;
66 |   DELETE devices, deviceCommands FROM devices LEFT JOIN deviceCommands
67 |     ON (deviceCommands.uid = devices.uid AND deviceCommands.deviceId = devices.id)
68 |     WHERE devices.uid = uidArg;  DELETE FROM unverifiedTokens WHERE uid = uidArg;
69 |   UPDATE accounts
70 |   SET
71 |     verifyHash = verifyHashArg,
72 |     authSalt = authSaltArg,
73 |     wrapWrapKb = wrapWrapKbArg,
74 |     verifierSetAt = verifierSetAtArg,
75 |     verifierVersion = verifierVersionArg,
76 |     profileChangedAt = verifierSetAtArg
77 |   WHERE uid = uidArg;
78 | 
79 |   COMMIT;
80 | END;
81 | 
82 | CREATE PROCEDURE `deleteSessionToken_4` (
83 |   IN `tokenIdArg` BINARY(32)
84 | )
85 | BEGIN
86 |   DELETE sessionTokens, unverifiedTokens, devices, deviceCommands
87 |   FROM sessionTokens
88 |   LEFT JOIN unverifiedTokens
89 |     ON sessionTokens.tokenId = unverifiedTokens.tokenId
90 |   LEFT JOIN devices
91 |     ON (sessionTokens.uid = devices.uid AND sessionTokens.tokenId = devices.sessionTokenId)
92 |   LEFT JOIN deviceCommands
93 |     ON (deviceCommands.uid = devices.uid AND deviceCommands.deviceId = devices.id)
94 |   WHERE
95 |     sessionTokens.tokenId = tokenIdArg;
96 | END;
97 | 
98 | UPDATE dbMetadata SET value = '96' WHERE name = 'schema-patch-level';
99 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-096-095.sql:
--------------------------------------------------------------------------------
1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
2 | 
3 | -- DROP PROCEDURE `deleteAccount_16`;
4 | -- DROP PROCEDURE `resetAccount_12`;
5 | -- DROP PROCEDURE `deleteSessionToken_4`;
6 | 
7 | -- UPDATE dbMetadata SET value = '95' WHERE name = 'schema-patch-level';
8 | 


--------------------------------------------------------------------------------
/lib/db/schema/patch-097-096.sql:
--------------------------------------------------------------------------------
 1 | -- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
 2 | 
 3 | -- This migration adds an optional `refreshTokenId` column to the `devices` table,
 4 | -- allowing OAuth clients to participate in the sync device ecosystem.
 5 | 
 6 | -- DROP PROCEDURE `createDevice_5`;
 7 | -- DROP PROCEDURE `updateDevice_6`;
 8 | -- DROP PROCEDURE `deleteDevice_4`;
 9 | -- DROP PROCEDURE `accountDevices_16`;
10 | -- DROP PROCEDURE `device_3`;
11 | 
12 | -- ALTER TABLE devices
13 | --   DROP COLUMN refreshTokenId,
14 | --   DROP INDEX UQ_devices_refreshTokenId;
15 | 
16 | -- ALTER TABLE deviceCommands
17 | --   ADD CONSTRAINT `deviceCommands_ibfk_1` FOREIGN KEY (`commandId`) REFERENCES `deviceCommandIdentifiers` (`commandId`) ON DELETE CASCADE,
18 | --   ADD CONSTRAINT `deviceCommands_ibfk_2` FOREIGN KEY (`uid`, `deviceId`) REFERENCES `devices` (`uid`, `id`) ON DELETE CASCADE;
19 | 
20 | -- CREATE TABLE `deviceCapabilities` (
21 | --   `uid` binary(16) NOT NULL,
22 | --   `deviceId` binary(16) NOT NULL,
23 | --   `capability` tinyint(3) unsigned NOT NULL,
24 | --   PRIMARY KEY (`uid`,`deviceId`,`capability`),
25 | --   CONSTRAINT `devicecapabilities_ibfk_1` FOREIGN KEY (`uid`, `deviceId`) REFERENCES `devices` (`uid`, `id`) ON DELETE CASCADE
26 | -- ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
27 | 
28 | -- UPDATE dbMetadata SET value = '96' WHERE name = 'schema-patch-level';
29 | 


--------------------------------------------------------------------------------
/lib/logging.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | const mozlog = require('mozlog')
 6 | 
 7 | const config = require('../config')
 8 | 
 9 | module.exports = mozlog(config.logging)
10 | 


--------------------------------------------------------------------------------
/lib/newrelic.js:
--------------------------------------------------------------------------------
 1 | /* This Source Code Form is subject to the terms of the Mozilla Public
 2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 4 | 
 5 | // To be enabled via the environment of stage or prod. NEW_RELIC_HIGH_SECURITY
 6 | // and NEW_RELIC_LOG should be set in addition to NEW_RELIC_APP_NAME and
 7 | // NEW_RELIC_LICENSE_KEY.
 8 | 
 9 | function maybeRequireNewRelic() {
10 |   var env = process.env
11 | 
12 |   if (env.NEW_RELIC_APP_NAME && env.NEW_RELIC_LICENSE_KEY) {
13 |     return require('newrelic')
14 |   }
15 | 
16 |   return null
17 | }
18 | 
19 | module.exports = maybeRequireNewRelic
20 | 


--------------------------------------------------------------------------------
/lib/promise.js:
--------------------------------------------------------------------------------
1 | /* This Source Code Form is subject to the terms of the Mozilla Public
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 | 
5 | module.exports = require('bluebird')
6 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "fxa-auth-db-mysql",
 3 |   "version": "1.133.1",
 4 |   "description": "MySQL backend for Firefox Accounts",
 5 |   "main": "index.js",
 6 |   "repository": {
 7 |     "type": "git",
 8 |     "url": "https://github.com/mozilla/fxa-auth-db-mysql"
 9 |   },
10 |   "bin": {
11 |     "fxa-auth-db-mysql": "bin/db_patcher.js"
12 |   },
13 |   "scripts": {
14 |     "outdated": "npm outdated --depth 0 || exit 0",
15 |     "shrink": "npmshrink",
16 |     "start": "node ./bin/db_patcher.js >/dev/null && node ./bin/server.js",
17 |     "start-mem": "node ./bin/mem",
18 |     "test": "npm run test-mysql && npm run test-mem && npm run test-server && grunt eslint",
19 |     "test-mem": "./scripts/mocha-coverage.js test/mem --exit",
20 |     "test-mysql": "node ./bin/db_patcher.js >/dev/null && ./scripts/mocha-coverage.js test/backend test/local --exit",
21 |     "test-server": "./scripts/mocha-coverage.js db-server/test/local --exit",
22 |     "test-travis": "grunt && node ./bin/db_patcher.js && ./scripts/mocha-coverage.js test/backend test/local db-server/test/local test/mem --exit",
23 |     "migration-lint": "node scripts/migration-lint"
24 |   },
25 |   "author": "Mozilla (https://mozilla.org/)",
26 |   "homepage": "https://github.com/mozilla/fxa-auth-db-mysql",
27 |   "bugs": {
28 |     "url": "https://github.com/mozilla/fxa-auth-db-mysql/issues"
29 |   },
30 |   "license": "MPL-2.0",
31 |   "dependencies": {
32 |     "base64url": "3.0.0",
33 |     "bluebird": "3.5.2",
34 |     "convict": "4.4.0",
35 |     "fxa-jwtool": "0.7.2",
36 |     "ip": "1.1.5",
37 |     "mozlog": "2.2.0",
38 |     "mysql": "2.16.0",
39 |     "mysql-patcher": "0.7.0",
40 |     "newrelic": "4.10.0",
41 |     "raven": "2.6.4",
42 |     "request": "2.88.0",
43 |     "restify": "7.2.2"
44 |   },
45 |   "optionalDependencies": {
46 |     "scrypt-hash": "1.1.14"
47 |   },
48 |   "devDependencies": {
49 |     "eslint-plugin-fxa": "git+https://github.com/mozilla/eslint-plugin-fxa#master",
50 |     "fxa-conventional-changelog": "1.1.0",
51 |     "grunt": "1.0.3",
52 |     "grunt-bump": "0.8.0",
53 |     "grunt-conventional-changelog": "6.1.0",
54 |     "grunt-copyright": "0.3.0",
55 |     "grunt-eslint": "18.0.0",
56 |     "insist": "1.0.0",
57 |     "load-grunt-tasks": "3.5.0",
58 |     "mocha": "5.2.0",
59 |     "nock": "8.0.0",
60 |     "npmshrink": "2.0.0",
61 |     "nyc": "13.3.0",
62 |     "proxyquire": "1.7.10",
63 |     "restify-clients": "2.0.2",
64 |     "sinon": "1.17.5"
65 |   },
66 |   "keywords": [
67 |     "fxa",
68 |     "firefox",
69 |     "firefox-accounts",
70 |     "backend",
71 |     "storage",
72 |     "mysql"
73 |   ]
74 | }
75 | 


--------------------------------------------------------------------------------
/scripts/.eslintrc:
--------------------------------------------------------------------------------
1 | extends: ../.eslintrc
2 | 
3 | rules:
4 |   fxa/async-crypto-random: 0
5 | 


--------------------------------------------------------------------------------
/scripts/create-triggers-accounts.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env sh
 2 | 
 3 | set -ex
 4 | 
 5 | #############################################
 6 | #                                           #    
 7 | # WARNING: IF $REMOVE_OLD_FXA_DB, this will #
 8 | # delete your local fxa database!!!         # 
 9 | #                                           #    
10 | #############################################
11 | 
12 | # Optionally, initialize a new, empty database.
13 | if [ ! -z "$REMOVE_OLD_FXA_DB" ]; then
14 |   mysql fxa -e 'DROP DATABASE IF EXISTS fxa'
15 | fi
16 | 
17 | # Ensure `fxa`.`accounts` exists.
18 | node ./bin/db_patcher.js
19 | 
20 | # Create _accounts_new from accounts, install the DEL/UPD/INS triggers.
21 | mysql fxa < ./scripts/create-triggers-accounts.sql
22 | mysql fxa -e 'show create table accounts\G show create table _accounts_new\G show triggers\G'
23 | # Compare the two empty initial tables
24 | mysql fxa < ./scripts/union-compare-two-tables.sql
25 | 
26 | # Run equiv. of `npm run test-mysql`, to create/delete/update some rows in
27 | # `fxa`.`accounts`, and then compare that all those changes now appear in
28 | # `fxa`.`_accounts_new`.
29 | NO_COVERAGE=1 node ./scripts/mocha-coverage.js test/backend test/local --exit
30 | mysql fxa < ./scripts/union-compare-two-tables.sql
31 | 
32 | 


--------------------------------------------------------------------------------
/scripts/createAccounts.js:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env node
 2 | 
 3 | /* This Source Code Form is subject to the terms of the Mozilla Public
 4 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 5 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 6 | 
 7 | // For testing purposes only, generate traffic and table size for fxa.accounts.
 8 | 
 9 | const assert = require('insist')
10 | const dbServer = require('../db-server')
11 | const log = require('../test/lib/log')
12 | const DB = require('../lib/db/mysql')(log, dbServer.errors)
13 | const config = require('../config')
14 | const crypto = require('crypto')
15 | 
16 | function randomBuffer16() {
17 |   return crypto.randomBytes(16)
18 | }
19 | 
20 | function randomBuffer32() {
21 |   return crypto.randomBytes(32)
22 | }
23 | 
24 | function now() {
25 |   return Date.now()
26 | }
27 | 
28 | let count = 0
29 | let db
30 | 
31 | function create() {
32 |   var uid = crypto.randomBytes(16)
33 |   var account = {
34 |     uid: uid,
35 |     email: ('' + Math.random()).substr(2) + '@bar.com',
36 |     emailCode: randomBuffer16(),
37 |     emailVerified: false,
38 |     verifierVersion: 1,
39 |     verifyHash: randomBuffer32(),
40 |     authSalt: randomBuffer32(),
41 |     kA: randomBuffer32(),
42 |     wrapWrapKb: randomBuffer32(),
43 |     verifierSetAt: now(),
44 |     createdAt: now(),
45 |     locale : 'en_US',
46 |   }
47 |   account.normalizedEmail = account.email.toLowerCase()
48 | 
49 |   return db.createAccount(uid, account)
50 |     .then(
51 |       function(result) {
52 |         assert.deepEqual(result, {}, 'Returned an empty object on account creation')
53 |         return db.emailRecord(account.email)
54 |       }
55 |     )
56 |     .then(
57 |       function(result) {
58 |         assert.equal(result.createdAt, account.createdAt, 'createdAt set')
59 |         assert.equal(result.email, account.email, 'email set')
60 |         assert.equal(result.emailVerified, 0, 'emailVerified set')
61 |         assert.equal(result.normalizedEmail, account.normalizedEmail, 'normalizedEmail set')
62 |         assert.equal(result.verifierSetAt, account.verifierSetAt, 'verifierSetAt set')
63 |         assert.equal(result.verifierVersion, account.verifierVersion, 'verifierVersion set')
64 |       })
65 | }
66 | 
67 | function init() {
68 |   return DB.connect(config).then(db_ => {
69 |     db = db_
70 |     return db.ping()
71 |   })
72 | }
73 | 
74 | function createAccount() {
75 |   return create()
76 |     .then(() => {
77 |       console.log('done', ++count) //eslint-disable-line no-console
78 |       if (count >= 50000) {
79 |         process.exit(0)
80 |       }
81 |     })
82 |     .catch((err) => console.error(err)) //eslint-disable-line no-console
83 | }
84 | 
85 | init()
86 |   .then(() => {
87 |     setInterval(createAccount, 5)
88 |   })
89 | 


--------------------------------------------------------------------------------
/scripts/metrics-loop.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # This Source Code Form is subject to the terms of the Mozilla Public
 4 | # License, v. 2.0. If a copy of the MPL was not distributed with this
 5 | # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 6 | 
 7 | # This script should not be run directly. It is invoked by metrics-perf.sh
 8 | # to repeatedly and serially execute the metrics queries in a background
 9 | # process.
10 | 
11 | while :
12 | do
13 |   "`dirname $0`/../bin/metrics.js" "$1" > /dev/null 2>&1
14 | done
15 | 
16 | 


--------------------------------------------------------------------------------
/scripts/metrics-perf.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # This Source Code Form is subject to the terms of the Mozilla Public
 4 | # License, v. 2.0. If a copy of the MPL was not distributed with this
 5 | # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 6 | 
 7 | # This script runs the auth-server load tests in two sets of five.
 8 | # The first set are presented as benchmark times. The second set are
 9 | # executed concurrently with the (serially-repeated) metrics queries.
10 | # The sets are of five so that we can discard outliers and compare
11 | # the median value from each. You should bump up the value of COUNT
12 | # to a bigger odd number if it looks like the distribution of results
13 | # warrants it.
14 | #
15 | # Usage: scripts/metrics-perf.sh <load-test path> <metrics.conf path>
16 | #
17 | # Example: scripts/metrics-perf.sh ~/code/fxa-auth-server/test/load ~/fxa-metrics.conf
18 | #
19 | # For the format of metrics.conf, see:
20 | #
21 | # https://github.com/mozilla-services/puppet-config/blob/master/fxa/modules/fxa_admin/templates/gather_basic_metrics.conf.erb
22 | 
23 | if [ "$1" = '' ]
24 | then
25 |   echo 'You must specify the path to the auth-server load-testing directory.'
26 |   exit 1
27 | fi
28 | 
29 | COUNT=5
30 | THIS_DIR="`pwd`"
31 | TEST_DIR="$1"
32 | 
33 | run_tests()
34 | {
35 |   INDEX=0
36 |   AGGREGATE_REQUESTS=
37 |   AGGREGATE_REQUESTS_PER_SECOND=
38 |   AGGREGATE_REQUEST_TIME=
39 | 
40 |   cd "$TEST_DIR"
41 | 
42 |   while [ $INDEX -lt $COUNT ]
43 |   do
44 |     BENCHMARK=`make bench`
45 |     REQUESTS=`echo "$BENCHMARK" | grep 'Hits:' | cut -d ' ' -s -f 2`
46 |     REQUESTS_PER_SECOND=`echo "$BENCHMARK" | grep 'Approximate Average RPS:' | cut -d ' ' -s -f 4`
47 |     REQUEST_TIME=`echo "$BENCHMARK" | grep 'Average request time:' | sed -n '1p' | cut -d ' ' -s -f 4`
48 | 
49 |     if [ "$AGGREGATE_REQUESTS" = '' ]
50 |     then
51 |       AGGREGATE_REQUESTS=$REQUESTS
52 |       AGGREGATE_REQUESTS_PER_SECOND=$REQUESTS_PER_SECOND
53 |       AGGREGATE_REQUEST_TIME=$REQUEST_TIME
54 |     else
55 |       AGGREGATE_REQUESTS="$AGGREGATE_REQUESTS $REQUESTS"
56 |       AGGREGATE_REQUESTS_PER_SECOND="$AGGREGATE_REQUESTS_PER_SECOND $REQUESTS_PER_SECOND"
57 |       AGGREGATE_REQUEST_TIME="$AGGREGATE_REQUEST_TIME $REQUEST_TIME"
58 |     fi
59 | 
60 |     INDEX=`expr $INDEX + 1`
61 |   done
62 | 
63 |   cd "$THIS_DIR"
64 | 
65 |   echo "$1 number of requests: $AGGREGATE_REQUESTS"
66 |   echo "$1 requests per second: $AGGREGATE_REQUESTS_PER_SECOND"
67 |   echo "$1 request time: $AGGREGATE_REQUEST_TIME"
68 | }
69 | 
70 | run_tests "Benchmark"
71 | 
72 | if [ "$2" = '' ]
73 | then
74 |   echo 'No metrics.conf path specified. Run the metrics loop separately,'
75 |   read -rsp 'then press any key to continue...' -n 1 key
76 |   echo
77 | else
78 |   "`dirname $0`/metrics-loop.sh" "$2" &
79 |   METRICS_PID=$!
80 | fi
81 | 
82 | run_tests "  Metrics"
83 | 
84 | if [ "$2" = '' ]
85 | then
86 |   echo 'You may now kill your metrics loop.'
87 | else
88 |   kill -15 $METRICS_PID
89 | fi
90 | 
91 | 


--------------------------------------------------------------------------------
/scripts/migration.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | PATCH_SRC="lib/db/patch.js"
 4 | PREV_LEVEL=`grep '^module.exports.level = [1-9][0-9]*$' "$PATCH_SRC" | cut -d ' ' -f 3`
 5 | 
 6 | if [ "$PREV_LEVEL" = "" ]; then
 7 |   echo "Failed to parse $PATCH_SRC, aborting."
 8 |   exit 1
 9 | fi
10 | 
11 | if [ `expr $PREV_LEVEL` -lt 100 ]; then
12 |   PREV_LEVEL_PADDED="0$PREV_LEVEL"
13 | else
14 |   PREV_LEVEL_PADDED="$PREV_LEVEL"
15 | fi
16 | 
17 | NEW_LEVEL=`expr $PREV_LEVEL + 1`
18 | 
19 | if [ `expr $NEW_LEVEL` -lt 100 ]; then
20 |   NEW_LEVEL_PADDED="0$NEW_LEVEL"
21 | else
22 |   NEW_LEVEL_PADDED="$NEW_LEVEL"
23 | fi
24 | 
25 | FWD_SCHEMA="lib/db/schema/patch-$PREV_LEVEL_PADDED-$NEW_LEVEL_PADDED.sql"
26 | REV_SCHEMA="lib/db/schema/patch-$NEW_LEVEL_PADDED-$PREV_LEVEL_PADDED.sql"
27 | 
28 | if [ -f "$FWD_SCHEMA" -o -f "$REV_SCHEMA" ]; then
29 |   echo "Migration already exists for patch level $NEW_LEVEL, aborting."
30 |   exit 1
31 | fi
32 | 
33 | printf "Generating migration boilerplate for patch level $NEW_LEVEL..."
34 | 
35 | echo "SET NAMES utf8mb4 COLLATE utf8mb4_bin;\n" > "$FWD_SCHEMA"
36 | echo "CALL assertPatchLevel('$PREV_LEVEL');\n" >> "$FWD_SCHEMA"
37 | echo "-- TODO: Implement your forward migration here\n" >> "$FWD_SCHEMA"
38 | echo "UPDATE dbMetadata SET value = '$NEW_LEVEL' WHERE name = 'schema-patch-level';" >> "$FWD_SCHEMA"
39 | 
40 | echo "-- SET NAMES utf8mb4 COLLATE utf8mb4_bin;\n" > "$REV_SCHEMA"
41 | echo '-- -- TODO: Implement your *commented-out* reverse migration here\n' >> "$REV_SCHEMA"
42 | echo "-- UPDATE dbMetadata SET value = '$PREV_LEVEL' WHERE name = 'schema-patch-level';" >> "$REV_SCHEMA"
43 | 
44 | sed -i '' "s/^module.exports.level = $PREV_LEVEL\$/module.exports.level = $NEW_LEVEL/" $PATCH_SRC
45 | 
46 | printf " done!\n\n"
47 | 
48 | git status
49 | 
50 | 


--------------------------------------------------------------------------------
/scripts/mocha-coverage.js:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env node
 2 | 
 3 | /* This Source Code Form is subject to the terms of the Mozilla Public
 4 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 5 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 6 | 
 7 | 'use strict'
 8 | 
 9 | const path = require('path')
10 | const spawn = require('child_process').spawn
11 | 
12 | const MOCHA_BIN = path.join(path.dirname(__dirname), 'node_modules', '.bin', 'mocha')
13 | const NYC_BIN = path.join(path.dirname(__dirname), 'node_modules', '.bin', 'nyc')
14 | 
15 | let bin = NYC_BIN
16 | let argv = ['--cache', MOCHA_BIN]
17 | 
18 | if (process.env.NO_COVERAGE) {
19 |   bin = MOCHA_BIN
20 |   argv = []
21 | }
22 | 
23 | const p = spawn(bin, argv.concat(process.argv.slice(2)), { stdio: 'inherit', env: process.env })
24 | 
25 | // exit this process with the same exit code as the test process
26 | p.on('close', function (code) {
27 |   process.exit(code)
28 | })
29 | 


--------------------------------------------------------------------------------
/scripts/rpm-version.js:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env node
 2 | /* This Source Code Form is subject to the terms of the Mozilla Public
 3 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
 4 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 5 | 
 6 | var cp = require('child_process')
 7 | var util = require('util')
 8 | 
 9 | // Generate legacy-format output that looks something like:
10 | //
11 | // {
12 | //   "version": {
13 | //     "hash": "88f6f24e53da56faa933c357bffb61cbeaec7ff3",
14 | //     "subject": "Merge pull request #2939 from vladikoff/sentry-patch3",
15 | //     "committer date": "1439472293",
16 | //     "source": "git://github.com/mozilla/fxa-content-server.git"
17 | //   }
18 | // }
19 | //
20 | // This content is placed in the stage/prod rpm at `./config/version.json`.
21 | // Ignore errors and always produce a (possibly empty struct) output.
22 | 
23 | var args = '{"hash":"%H","subject":"%s","committer date":"%ct"}'
24 | var cmd = util.format('git --no-pager log --format=format:\'%s\' -1', args)
25 | cp.exec(cmd, function (err, stdout) {
26 |   var info = {
27 |     version: JSON.parse(stdout || '{}')
28 |   }
29 | 
30 |   var cmd = 'git config --get remote.origin.url'
31 |   cp.exec(cmd, function (err, stdout) {
32 |     info.version.source = (stdout && stdout.trim()) || ''
33 |     console.log(JSON.stringify(info, null, 2)) //eslint-disable-line no-console
34 |   })
35 | })
36 | 
37 | 


--------------------------------------------------------------------------------
/scripts/union-compare-two-tables.sql:
--------------------------------------------------------------------------------
 1 | -- In comparing two tables, where one of the tables has additional columns
 2 | -- that do not exist in the other table, we only compare the columns that
 3 | -- exist in both tables.
 4 | 
 5 | SELECT
 6 |   HEX(uid) AS uid,
 7 |   normalizedEmail,
 8 |   email,
 9 |   HEX(emailCode) AS emailCode,
10 |   emailVerified,
11 |   HEX(kA) AS kA,
12 |   HEX(wrapWrapKb) AS wrapWrapKb,
13 |   HEX(authSalt) AS authSalt,
14 |   HEX(verifyHash) AS verifyHash,
15 |   verifierVersion,
16 |   FROM_UNIXTIME(verifierSetAt/1000) AS verifierSetAt,
17 |   FROM_UNIXTIME(createdAt/1000) AS createdAt,
18 |   LEFT(locale, 16) AS locale,
19 |   FROM_UNIXTIME(lockedAt/1000) AS lockedAt
20 | FROM (
21 |   SELECT
22 |     uid,
23 |     normalizedEmail,
24 |     email,
25 |     emailCode,
26 |     emailVerified,
27 |     kA,
28 |     wrapWrapKb,
29 |     authSalt,
30 |     verifyHash,
31 |     verifierVersion,
32 |     verifierSetAt,
33 |     createdAt,
34 |     locale,
35 |     lockedAt
36 |   FROM accounts
37 | 
38 |   UNION ALL
39 | 
40 |   SELECT
41 |     uid,
42 |     normalizedEmail,
43 |     email,
44 |     emailCode,
45 |     emailVerified,
46 |     kA,
47 |     wrapWrapKb,
48 |     authSalt,
49 |     verifyHash,
50 |     verifierVersion,
51 |     verifierSetAt,
52 |     createdAt,
53 |     locale,
54 |     lockedAt                    
55 |   FROM _accounts_new
56 | ) AS t
57 | GROUP BY
58 |   t.uid,                        
59 |   t.normalizedEmail,            
60 |   t.email,                      
61 |   t.emailCode,                  
62 |   t.emailVerified,              
63 |   t.kA,                         
64 |   t.wrapWrapKb,                 
65 |   t.authSalt,                   
66 |   t.verifyHash,                 
67 |   t.verifierVersion,            
68 |   t.verifierSetAt,              
69 |   t.createdAt,                  
70 |   t.locale,                     
71 |   t.lockedAt  
72 | 
73 | -- Two rows with all fields identical are grouped together into 1 row with a
74 | -- count of 2.  If there is a mismatches between the two tables, two separate
75 | -- rows with a count of 1 wil be output by this query.
76 | HAVING COUNT(*) = 1 
77 | ORDER BY t.uid
78 | LIMIT 100
79 | 


--------------------------------------------------------------------------------
/test/.eslintrc:
--------------------------------------------------------------------------------
1 | extends: ../.eslintrc
2 | 
3 | env:
4 |   mocha: true
5 | 
6 | rules:
7 |   fxa/async-crypto-random: 0
8 | 


--------------------------------------------------------------------------------
/test/backend/db_tests.js:
--------------------------------------------------------------------------------
1 | /* Any copyright is dedicated to the Public Domain.
2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
3 | 
4 | require('../harness').dbTests('mysql')
5 | 


--------------------------------------------------------------------------------
/test/backend/remote.js:
--------------------------------------------------------------------------------
1 | /* Any copyright is dedicated to the Public Domain.
2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
3 | 
4 | require('../harness').remote('mysql')
5 | 


--------------------------------------------------------------------------------
/test/db_server_stub.js:
--------------------------------------------------------------------------------
1 | /* This Source Code Form is subject to the terms of the Mozilla Public
2 |  * License, v. 2.0. If a copy of the MPL was not distributed with this
3 |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 | 
5 | require('../bin/server')
6 | 


--------------------------------------------------------------------------------
/test/harness.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | 'use strict'
 5 | 
 6 | const dbServer = require('../db-server')
 7 | const backendTests = require('../db-server/test/backend')
 8 | const config = require('../config')
 9 | const log = require('./lib/log')
10 | const P = require('bluebird')
11 | 
12 | const DBS = {
13 |   mem: require('../lib/db/mem'),
14 |   mysql: require('../lib/db/mysql')
15 | }
16 | 
17 | exports.dbTests = function dbTests(backend) {
18 |   const DB = DBS[backend](log, dbServer.errors)
19 | 
20 |   backendTests.dbTests(config, DB)
21 | }
22 | 
23 | exports.remote = function remote(backend) {
24 |   const DB = DBS[backend](log, dbServer.errors)
25 | 
26 |   backendTests.remote(config, () => {
27 |     return DB.connect(config)
28 |     .then(function (newDb) {
29 |       const db = newDb
30 |       const server = dbServer.createServer(db)
31 |       const d = P.defer()
32 |       const close = server.close
33 |       server.close = () => {
34 |         close.call(server)
35 |         return db.close()
36 |       }
37 |       server.listen(config.port, config.hostname, function() {
38 |         d.resolve(server)
39 |       })
40 |       return d.promise
41 |     })
42 |   })
43 | }
44 | 


--------------------------------------------------------------------------------
/test/lib/log.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | const assert = require('assert');
 5 | 
 6 | // all the promise wrapping in tests makes it unclear who actually 
 7 | // called mozlog incorrectly. So, record this location directly.
 8 | function getMozlogCallerLocation() {
 9 |   var err = new Error('getMozlogCallerLocation').stack.split('\n')[3]
10 |   return err
11 | }
12 | 
13 | // no-op except check that first arg is a string, etc., a la mozlog
14 | var noop = function () {
15 |   assert(arguments.length <= 2, 'mozlog takes a maximum of 2 arguments' + 
16 |          ', caller: ' + getMozlogCallerLocation())
17 |   assert.equal(typeof arguments[0], 'string',
18 |                'mozlog must take a String as first argument, got: ' + 
19 |                JSON.stringify(arguments[0]) + ', caller: ' + getMozlogCallerLocation())
20 |   assert.equal(arguments[0].indexOf(' '), -1,
21 |                'mozlog first argument must not contain spaces, got "' +
22 |                JSON.stringify(arguments[0]) + '"' + 
23 |                ', caller: ' + getMozlogCallerLocation())
24 | }
25 | 
26 | module.exports = {
27 |   trace: noop,
28 |   debug: noop,
29 |   info: noop,
30 |   warn: noop,
31 |   error: noop,
32 |   stat: noop
33 | }
34 | 


--------------------------------------------------------------------------------
/test/local/constants_test.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | const assert = require('insist')
 5 | const constants = require('../../lib/constants')
 6 | describe('constants', () => {
 7 |   it(
 8 |     'constants exports DATABASE_NAME fxa',
 9 |     () => {
10 |       constants.DATABASE_NAME = 'test'
11 |       assert.equal(constants.DATABASE_NAME, 'fxa')
12 |     })
13 | })
14 | 


--------------------------------------------------------------------------------
/test/local/incorrect-patch-level.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | 'use strict'
 5 | 
 6 | const assert = require('insist')
 7 | const dbServer = require('../../db-server')
 8 | const log = require('../lib/log')
 9 | const DB = require('../../lib/db/mysql')(log, dbServer.errors)
10 | const config = require('../../config')
11 | const patch = require('../../lib/db/patch')
12 | 
13 | 
14 | describe('DB patch', () => {
15 | 
16 |   let originalPatch
17 |   before(() => {
18 |     originalPatch = patch.level
19 |     patch.level = 1000000
20 |   })
21 | 
22 |   it('should error with incorrect patchVersion', () => {
23 |     return DB.connect(config)
24 |       .then(
25 |         db => {
26 |           assert(false, 'DB.connect should have failed on an incorrect patchVersion')
27 |         },
28 |         err => {
29 |           assert.equal(typeof err, 'object')
30 |           assert(err instanceof Error)
31 |           assert.equal(err.message, 'dbIncorrectPatchLevel')
32 |         }
33 |       )
34 |   })
35 | 
36 |   after(() => {
37 |     patch.level = originalPatch
38 |   })
39 | 
40 | })
41 | 


--------------------------------------------------------------------------------
/test/local/log-stats.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | 'use strict'
 5 | 
 6 | const assert = require('insist')
 7 | const dbServer = require('../../db-server')
 8 | const P = require('../../lib/promise')
 9 | const config = require('../../config')
10 | 
11 | config.logLevel = 'info'
12 | config.statInterval = 100
13 | 
14 | const log = Object.assign({}, require('../lib/log'))
15 | 
16 | // monkeypatch log.info to hook into db/mysql.js:statInterval
17 | const dfd = P.defer()
18 | log.info = function(msg, stats) {
19 |   if (msg !== 'stats') {
20 |     return
21 |   }
22 |   dfd.resolve(stats)
23 | }
24 | 
25 | const DB = require('../../lib/db/mysql')(log, dbServer.errors)
26 | 
27 | describe('DB statInterval', () => {
28 | 
29 |   let db
30 |   before(() => {
31 |     return DB.connect(config).then(db_ => {
32 |       db = db_
33 |     })
34 |   })
35 | 
36 |   it('should log stats periodically', () => {
37 |     return dfd.promise
38 |       .then(stats => {
39 |         assert.equal(typeof stats, 'object')
40 |         assert.equal(stats.stat, 'mysql')
41 |         assert.equal(stats.errors, 0)
42 |         assert.equal(stats.connections, 1)
43 |       })
44 |   })
45 | 
46 |   after(() => db.close())
47 | 
48 | })
49 | 


--------------------------------------------------------------------------------
/test/local/random.js:
--------------------------------------------------------------------------------
 1 | /* Any copyright is dedicated to the Public Domain.
 2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
 3 | 
 4 | 'use strict'
 5 | 
 6 | const assert = require('insist')
 7 | 
 8 | const base32 = require('../../lib/db/random')
 9 | 
10 | describe('random', () => {
11 |   it('should generate random code', () => {
12 |     return base32(10)
13 |       .then(code => {
14 |         assert.equal(code.length, 10)
15 |         assert.equal(code.indexOf('i'), -1, 'should not contain i')
16 |         assert.equal(code.indexOf('l'), -1, 'should not contain l')
17 |         assert.equal(code.indexOf('o'), -1, 'should not contain o')
18 |         assert.equal(code.indexOf('u'), -1, 'should not contain u')
19 |       })
20 |   })
21 | })
22 | 


--------------------------------------------------------------------------------
/test/mem/db_tests.js:
--------------------------------------------------------------------------------
1 | /* Any copyright is dedicated to the Public Domain.
2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
3 | 
4 | require('../harness').dbTests('mem')
5 | 


--------------------------------------------------------------------------------
/test/mem/remote.js:
--------------------------------------------------------------------------------
1 | /* Any copyright is dedicated to the Public Domain.
2 |  * http://creativecommons.org/publicdomain/zero/1.0/ */
3 | 
4 | require('../harness').remote('mem')
5 | 


--------------------------------------------------------------------------------