gitpod-io · roboquat · Feb 14, 2022 · Feb 14, 2022
@@ -192,7 +192,6 @@ const gitpodServiceMock = createServiceMock({
                 "clientId": "clientid-123",
                 "clientSecret": "redacted"
             },
-            "oauthRevision": "some-revision",
             "deleted": false
         }]
     },

@@ -16,8 +16,19 @@ packages:
   - name: migrations
     type: yarn
     srcs:
-      - "src/**/*.ts"
-      - package.json
+      - "src/typeorm/migration/**/*.ts"
+      - "src/typeorm/migrate-migrations-0_2_0.ts"
+      - "src/typeorm/entity/*.ts"
+      - "src/typeorm/ormconfig.ts"
+      - "src/typeorm/typeorm.ts"
+      - "src/typeorm/naming-strategy.ts"
+      - "src/typeorm/user-db-impl.ts"
+      - "src/typeorm/transformer.ts"
+      - "src/config.ts"
+      - "src/wait-for-db.ts"
+      - "src/migrate-migrations.ts"
+      - "src/user-db.ts"
+      - "package.json"
     deps:
       - components/gitpod-protocol:lib
     config:
@@ -53,7 +64,6 @@ packages:
       - DB_PORT=23306
       - DB_USER=root
       - DB_PASSWORD=test
-      - DB_ENCRYPTION_KEYS=[{"name":"general","version":1,"primary":true,"material":"5vRrp0H4oRgdkPnX1qQcS54Q0xggr6iyho42IQ1rO+c="}]
     ephemeral: true
     config:
       commands:

@@ -5,21 +5,15 @@
  */
 
 import { AuthProviderEntry as AuthProviderEntry } from "@gitpod/gitpod-protocol";
-import { createHash } from "crypto";
 
 export const AuthProviderEntryDB = Symbol('AuthProviderEntryDB');
 
 export interface AuthProviderEntryDB {
-    storeAuthProvider(ap: AuthProviderEntry, updateOAuthRevision: boolean): Promise<AuthProviderEntry>;
+    storeAuthProvider(ap: AuthProviderEntry): Promise<AuthProviderEntry>;
 
     delete(ap: AuthProviderEntry): Promise<void>;
 
-    findAll(exceptOAuthRevisions?: string[]): Promise<AuthProviderEntry[]>;
-    findAllHosts(): Promise<string[]>;
+    findAll(): Promise<AuthProviderEntry[]>;
     findByHost(host: string): Promise<AuthProviderEntry | undefined>;
     findByUserId(userId: string): Promise<AuthProviderEntry[]>;
 }
-
-export function hashOAuth(oauth: AuthProviderEntry["oauth"]): string {
-    return createHash('sha256').update(JSON.stringify(oauth)).digest('hex');
-}
@@ -11,7 +11,6 @@ import { AuthProviderEntry } from "@gitpod/gitpod-protocol";
 import { AuthProviderEntryDB } from "../auth-provider-entry-db";
 import { DBAuthProviderEntry } from "./entity/db-auth-provider-entry";
 import { DBIdentity } from "./entity/db-identity";
-import { createHash } from "crypto";
 
 @injectable()
 export class AuthProviderEntryDBImpl implements AuthProviderEntryDB {
@@ -29,11 +28,8 @@ export class AuthProviderEntryDBImpl implements AuthProviderEntryDB {
         return (await this.getEntityManager()).getRepository<DBIdentity>(DBIdentity);
     }
 
-    async storeAuthProvider(ap: AuthProviderEntry, updateOAuthRevision: boolean): Promise<AuthProviderEntry> {
+    async storeAuthProvider(ap: AuthProviderEntry): Promise<AuthProviderEntry> {
         const repo = await this.getAuthProviderRepo();
-        if (updateOAuthRevision) {
-            (ap.oauthRevision as any) = this.oauthContentHash(ap.oauth);
-        }
         return repo.save(ap);
     }
 
@@ -49,27 +45,11 @@ export class AuthProviderEntryDBImpl implements AuthProviderEntryDB {
         await repo.update({ id }, { deleted: true });
     }
 
-    async findAll(exceptOAuthRevisions: string[] = []): Promise<AuthProviderEntry[]> {
-        exceptOAuthRevisions = exceptOAuthRevisions.filter(r => r !== "");  // never filter out '' which means "undefined" in the DB
-
-        const repo = await this.getAuthProviderRepo();
-        let query = repo.createQueryBuilder('auth_provider')
-            .where('auth_provider.deleted != true');
-        if (exceptOAuthRevisions.length > 0) {
-            query = query.andWhere('auth_provider.oauthRevision NOT IN (:...exceptOAuthRevisions)', { exceptOAuthRevisions });
-        }
-        return query.getMany();
-    }
-
-    async findAllHosts(): Promise<string[]> {
-        const hostField: keyof DBAuthProviderEntry = "host";
-
+    async findAll(): Promise<AuthProviderEntry[]> {
         const repo = await this.getAuthProviderRepo();
         const query = repo.createQueryBuilder('auth_provider')
-            .select(hostField)
             .where('auth_provider.deleted != true');
-        const result = (await query.execute()) as Pick<DBAuthProviderEntry, "host">[];
-        return result.map(r => r.host);
+        return query.getMany();
     }
 
     async findByHost(host: string): Promise<AuthProviderEntry | undefined> {
@@ -88,8 +68,4 @@ export class AuthProviderEntryDBImpl implements AuthProviderEntryDB {
         return query.getMany();
     }
 
-    protected oauthContentHash(oauth: AuthProviderEntry["oauth"]): string {
-        const result = createHash('sha256').update(JSON.stringify(oauth)).digest('hex');
-        return result;
-    }
 }
@@ -4,7 +4,7 @@
  * See License-AGPL.txt in the project root for license information.
  */
 
-import { PrimaryColumn, Column, Entity, Index } from "typeorm";
+import { PrimaryColumn, Column, Entity } from "typeorm";
 import { TypeORM } from "../typeorm";
 import { AuthProviderEntry, OAuth2Config } from "@gitpod/gitpod-protocol";
 import { Transformer } from "../transformer";
@@ -37,13 +37,6 @@ export class DBAuthProviderEntry implements AuthProviderEntry {
     })
     oauth: OAuth2Config;
 
-    @Index("ind_oauthRevision")
-    @Column({
-        default: '',
-        transformer: Transformer.MAP_EMPTY_STR_TO_UNDEFINED,
-    })
-    oauthRevision?: string;
-
     @Column()
     deleted?: boolean;
 }
@@ -1171,8 +1171,6 @@ export interface AuthProviderEntry {
     readonly status: AuthProviderEntry.Status;
 
     readonly oauth: OAuth2Config;
-    /** A random string that is to change whenever oauth changes (enforced on DB level) */
-    readonly oauthRevision?: string;
 }
 
 export interface OAuth2Config {

@@ -26,8 +26,8 @@ export class AuthProviderService {
     /**
      * Returns all auth providers.
      */
-    async getAllAuthProviders(exceptOAuthRevisions: string[] = []): Promise<AuthProviderParams[]> {
-        const all = await this.authProviderDB.findAll(exceptOAuthRevisions);
+    async getAllAuthProviders(): Promise<AuthProviderParams[]> {
+        const all = await this.authProviderDB.findAll();
         const transformed = all.map(this.toAuthProviderParams.bind(this));
 
         // as a precaution, let's remove duplicates
@@ -43,10 +43,6 @@ export class AuthProviderService {
         return Array.from(unique.values());
     }
 
-    async getAllAuthProviderHosts(): Promise<string[]> {
-        return this.authProviderDB.findAllHosts();
-    }
-
     protected toAuthProviderParams = (oap: AuthProviderEntry) => <AuthProviderParams>{
         ...oap,
         host: oap.host.toLowerCase(),
@@ -86,14 +82,13 @@ export class AuthProviderService {
             }
 
             // update config on demand
-            const oauth = {
-                ...existing.oauth,
-                clientId: entry.clientId,
-                clientSecret: entry.clientSecret || existing.oauth.clientSecret, // FE may send empty ("") if not changed
-            };
             authProvider = {
                 ...existing,
-                oauth,
+                oauth: {
+                    ...existing.oauth,
+                    clientId: entry.clientId,
+                    clientSecret: entry.clientSecret || existing.oauth.clientSecret, // FE may send empty ("") if not changed
+                },
                 status: "pending",
             }
         } else {
@@ -103,25 +98,24 @@ export class AuthProviderService {
             }
             authProvider = this.initializeNewProvider(entry);
         }
-        return await this.authProviderDB.storeAuthProvider(authProvider as AuthProviderEntry, true);
+        return await this.authProviderDB.storeAuthProvider(authProvider as AuthProviderEntry);
     }
     protected initializeNewProvider(newEntry: AuthProviderEntry.NewEntry): AuthProviderEntry {
         const { host, type, clientId, clientSecret } = newEntry;
         const urls = type === "GitHub" ? githubUrls(host) : (type === "GitLab" ? gitlabUrls(host) : undefined);
         if (!urls) {
             throw new Error("Unexpected service type.");
         }
-        const oauth: AuthProviderEntry["oauth"] = {
-            ...urls,
-            callBackUrl: this.callbackUrl(host),
-            clientId: clientId!,
-            clientSecret: clientSecret!,
-        };
-        return {
+        return <AuthProviderEntry>{
             ...newEntry,
             id: uuidv4(),
             type,
-            oauth,
+            oauth: {
+                ...urls,
+                callBackUrl: this.callbackUrl(host),
+                clientId,
+                clientSecret,
+            },
             status: "pending",
         };
     }
@@ -142,7 +136,7 @@ export class AuthProviderService {
                     ownerId: ownerId,
                     status: "verified"
                 };
-                await this.authProviderDB.storeAuthProvider(ap, true);
+                await this.authProviderDB.storeAuthProvider(ap);
             } else {
                 log.warn("Failed to find the AuthProviderEntry to be activated.", { params, id, ap });
             }