Avoid Native Queries

[overheadhunter]

Fixes #222 by reverting native queries back to @NamedQuery.

AccessToken

The unlock @NamedQuery avoids any join on User:

SELECT token
FROM AccessToken token
INNER JOIN EffectiveVaultAccess perm ON token.id.vaultId = perm.id.vaultId AND token.id.userId = perm.id.authorityId
WHERE token.id.vaultId = :vaultId AND token.id.userId = :userId

Hibernate translates this to the following:

    select
        a1_0."user_id",
        a1_0."vault_id",
        a1_0."vault_masterkey" 
    from
        "access_token" a1_0 
    join
        "effective_vault_access" e1_0 
            on a1_0."vault_id"=e1_0."vault_id" 
            and a1_0."user_id"=e1_0."authority_id" 
    where
        a1_0."vault_id"=? 
        and a1_0."user_id"=? fetch first ? rows only

LegacyAccessToken

This is the @NamedQuery:

SELECT token
FROM LegacyAccessToken token
INNER JOIN LegacyDevice device ON device.id = token.id.deviceId
INNER JOIN EffectiveVaultAccess perm ON token.id.vaultId = perm.id.vaultId AND device.ownerId = perm.id.authorityId
WHERE token.id.vaultId = :vaultId AND token.id.deviceId = :deviceId AND device.ownerId = :userId

Hibernate translates this to the following:

    select
        l1_0."device_id",
        l1_0."vault_id",
        l1_0."jwe" 
    from
        "access_token_legacy" l1_0 
    join
        "device_legacy" l2_0 
            on l2_0."id"=l1_0."device_id" 
    join
        "effective_vault_access" e1_0 
            on l1_0."vault_id"=e1_0."vault_id" 
            and l2_0."owner_id"=e1_0."authority_id" 
    where
        l1_0."vault_id"=? 
        and l1_0."device_id"=? 
        and l2_0."owner_id"=?

Summary by CodeRabbit

• Refactor
  • Updated access token retrieval to use a named query for improved maintainability.
  • Transitioned from native SQL to JPQL in LegacyAccessToken to enhance database compatibility.
• New Features
  • Introduced an ownerId field to LegacyDevice for better ownership tracking.

[coderabbitai[bot]]

Walkthrough

The recent updates involve modifying the AccessToken and LegacyAccessToken classes to favor JPQL over native SQL queries and introducing a new field in the LegacyDevice class. These changes aim to enhance maintainability and compatibility with Hibernate ORM, addressing concerns related to the use of native SQL for unlocking mechanisms and ensuring that the refactored access management system is robust before its release.

Changes

File Path	Change Summary
.../entities/AccessToken.java	Added a JPQL named query for retrieving access tokens and updated the unlock method.
.../entities/LegacyAccessToken.java	Replaced @NamedNativeQuery with @NamedQuery using JPQL syntax.
.../entities/LegacyDevice.java	Added a new ownerId field of type String.

Assessment against linked issues

Objective	Addressed	Explanation
Revert the specific commit affecting native unlock calls before shipping the refactored access management (#222)	✅
Avoid downgrading Quarkus or Hibernate ORM due to compatibility issues (#222)	✅
Ensure the changes align with Hibernate ORM's anticipated versions (#222)	✅

Poem

In the realm of code, where bugs often hop, A rabbit worked hard, making changes non-stop. With JPQL in place, and SQL aside, 🐇💻 Celebrates the release, with joy and pride.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

---

Tips

### Chat There are 3 ways to chat with CodeRabbit: - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit-tests for this file.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit tests for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository from git and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit tests.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - The JSON schema for the configuration file is available [here](https://coderabbit.ai/integrations/coderabbit-overrides.v2.json). - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json` ### CodeRabbit Discord Community Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.