juanifioren / django-oidc-provider

OpenID Connect and OAuth2 provider implementation for Djangonauts.
http://django-oidc-provider.readthedocs.org
MIT License
416 stars 239 forks

Fix ResponseType data migration #381

Closed Urth closed 9 months ago

Urth commented 3 years ago

If oidc provider is used in a multi-database setup, it may not be used on the default database alone. And when used in a database mirror setup, the migration could be executed on a different db alias/transaction.

This can cause migration failures because the ResponseType table is created on the database passed to the migrate command while the data is inserted in the database returned from the database router. Depending on the configuration, the ResponseType table may not exist for that database yet, or the ResponseType data was already migrated, resulting in a DatabaseError and IntegrityError respectively.

nicwolff commented 2 years ago

@juanifioren Please merge this! It's preventing us from upgrading Django.

Urth commented 2 years ago

If you can upgrade to Django 3.2, this problem is mitigated by https://code.djangoproject.com/ticket/29052

nicwolff commented 2 years ago

This migration still fails in Django 3.2, because the two ORM calls use different connections – note the different PIDs on these log lines:

```
2022-01-12 21:00:22.670 UTC [37] LOG:  statement: BEGIN
2022-01-12 21:00:22.671 UTC [37] LOG:  statement: CREATE TABLE "oidc_provider_responsetype" ("id" serial NOT NULL PRIMARY KEY, "value" varchar(30) NOT NULL UNIQUE, "description" varchar(50) NOT NULL)
2022-01-12 21:00:22.870 UTC [37] LOG:  statement: CREATE TABLE "oidc_provider_client_response_types" ("id" serial NOT NULL PRIMARY KEY, "client_id" integer NOT NULL, "responsetype_id" integer NOT NULL)
2022-01-12 21:00:22.980 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code', 'code (Authorization Code Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.983 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('id_token', 'id_token (Implicit Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.985 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('id_token token', 'id_token token (Implicit Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.987 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code token', 'code token (Hybrid Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.988 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code id_token', 'code id_token (Hybrid Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.990 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code id_token token', 'code id_token token (Hybrid Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.999 UTC [38] LOG:  statement: SET TIME ZONE 'UTC'
2022-01-12 21:00:23.001 UTC [38] LOG:  statement: SELECT "oidc_provider_client"."id", "oidc_provider_client"."name", "oidc_provider_client"."client_id", "oidc_provider_client"."client_secret", "oidc_provider_client"."response_type", "oidc_provider_client"."_redirect_uris", "oidc_provider_client"."date_created", "oidc_provider_client"."client_type", "oidc_provider_client"."jwt_alg", "oidc_provider_client"."contact_email", "oidc_provider_client"."logo", "oidc_provider_client"."terms_url", "oidc_provider_client"."website_url", "oidc_provider_client"."_post_logout_redirect_uris", "oidc_provider_client"."require_consent", "oidc_provider_client"."reuse_consent", "oidc_provider_client"."owner_id", "oidc_provider_client"."_scope" FROM "oidc_provider_client"
2022-01-12 21:00:23.005 UTC [38] LOG:  statement: SELECT "oidc_provider_responsetype"."id", "oidc_provider_responsetype"."value", "oidc_provider_responsetype"."description" FROM "oidc_provider_responsetype" WHERE "oidc_provider_responsetype"."value" = '' LIMIT 21
2022-01-12 21:00:23.005 UTC [38] ERROR:  relation "oidc_provider_responsetype" does not exist at character 129
2022-01-12 21:00:23.005 UTC [38] STATEMENT:  SELECT "oidc_provider_responsetype"."id", "oidc_provider_responsetype"."value", "oidc_provider_responsetype"."description" FROM "oidc_provider_responsetype" WHERE "oidc_provider_responsetype"."value" = '' LIMIT 21
2022-01-12 21:00:23.006 UTC [37] LOG:  statement: ROLLBACK
```

Please merge this!
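
The PID mismatch pointed out in the log above can be checked mechanically. The following is an added example, not part of this thread or of django-oidc-provider: it scans PostgreSQL statement logs in the format shown and reports any statement that references a table created inside another backend's still-open transaction. `SAMPLE_LOG` is constructed by abbreviating the quoted statements, and the function name is hypothetical.

```python
import re

# Constructed sample: statements abbreviated from the PostgreSQL log quoted above.
SAMPLE_LOG = """\
2022-01-12 21:00:22.670 UTC [37] LOG:  statement: BEGIN
2022-01-12 21:00:22.671 UTC [37] LOG:  statement: CREATE TABLE "oidc_provider_responsetype" ("id" serial NOT NULL PRIMARY KEY)
2022-01-12 21:00:22.980 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value") VALUES ('code')
2022-01-12 21:00:22.999 UTC [38] LOG:  statement: SET TIME ZONE 'UTC'
2022-01-12 21:00:23.005 UTC [38] LOG:  statement: SELECT "id" FROM "oidc_provider_responsetype" WHERE "value" = '' LIMIT 21
2022-01-12 21:00:23.006 UTC [37] LOG:  statement: ROLLBACK
"""

LINE_RE = re.compile(r'^\S+ \S+ \S+ \[(\d+)\] LOG:\s+statement: (.*)$')
CREATE_RE = re.compile(r'^CREATE TABLE "([^"]+)"', re.I)
IDENT_RE = re.compile(r'"([^"]+)"')


def find_cross_connection_reads(log_text):
    """Return (reader_pid, owner_pid, table) for each statement that touches a
    table created in another backend's still-open transaction."""
    in_txn = set()      # backend PIDs with an open BEGIN
    uncommitted = {}    # table name -> PID whose open transaction created it
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ERROR/STATEMENT lines repeat a statement already seen
        pid, sql = int(m.group(1)), m.group(2).strip()
        verb = sql.split(None, 1)[0].upper() if sql else ''
        if verb == 'BEGIN':
            in_txn.add(pid)
        elif verb in ('COMMIT', 'ROLLBACK', 'END'):
            in_txn.discard(pid)
            uncommitted = {t: p for t, p in uncommitted.items() if p != pid}
        else:
            created = CREATE_RE.match(sql)
            if created and pid in in_txn:
                uncommitted[created.group(1)] = pid
            # De-duplicate identifiers so each statement is reported once per table.
            for name in dict.fromkeys(IDENT_RE.findall(sql)):
                owner = uncommitted.get(name)
                if owner is not None and owner != pid:
                    findings.append((pid, owner, name))
    return findings
```

Running it over a migration's statement log gives one tuple per cross-connection access; an empty list means every statement ran on the connection that owns the table or after that transaction ended.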