add missing columns for AT Audit table
Thumimku committed Jan 6, 2025
1 parent 092b94b commit 4f536d6
Showing 2 changed files with 44 additions and 10 deletions.
Expand Up @@ -18,11 +18,13 @@

package org.wso2.carbon.identity.oauth2.dao;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.OldAccessTokenDO;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinding;

import java.sql.Connection;
import java.sql.PreparedStatement;
Expand All @@ -31,6 +33,8 @@
import java.sql.Timestamp;
import java.util.List;

import static org.wso2.carbon.identity.oauth.common.OAuthConstants.TokenBindings.NONE;

/**
* This is DAO class for cleaning old Tokens. When new tokens is generated ,refreshed or revoked old access token
* will be moved to Audit table and deleted from the Access token table. Token cleaning process can be enable or
Expand Down Expand Up @@ -98,8 +102,22 @@ public void cleanupTokenByTokenValue(String token, Connection connection) throws
oldAccessTokenObject.setSubjectIdentifier(resultSet.getString(17));
oldAccessTokenObject.setAccessTokenHash(resultSet.getString(18));
oldAccessTokenObject.setRefreshTokenHash(resultSet.getString(19));
String tokenBindingRef = resultSet.getString(20);
if (StringUtils.isNotBlank(tokenBindingRef)) {
TokenBinding tokenBinding = new TokenBinding();
tokenBinding.setBindingReference(tokenBindingRef);
oldAccessTokenObject.setTokenBinding(tokenBinding);
}

String isConsentedToken = resultSet.getString(21);
if (StringUtils.isNotEmpty(isConsentedToken)) {
oldAccessTokenObject.setIsConsentedToken(Boolean.parseBoolean(isConsentedToken));
}

oldAccessTokenObject.setAuthorizedOrganizationId(resultSet.getString(22));

if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
oldAccessTokenObject.setIdpId(resultSet.getInt(20));
oldAccessTokenObject.setIdpId(resultSet.getInt(23));
}
}
if (OAuthServerConfiguration.getInstance().useRetainOldAccessTokens()) {
Expand Down Expand Up @@ -138,8 +156,16 @@ private void saveTokenInAuditTable(OldAccessTokenDO oldAccessTokenDAO, Connectio
insertintoaudittable.setString(18, oldAccessTokenDAO.getAccessTokenHash());
insertintoaudittable.setString(19, oldAccessTokenDAO.getRefreshTokenHash());
insertintoaudittable.setTimestamp(20, new Timestamp(System.currentTimeMillis()));
if (oldAccessTokenDAO.getTokenBinding() != null && StringUtils
.isNotBlank(oldAccessTokenDAO.getTokenBinding().getBindingReference())) {
insertintoaudittable.setString(21, oldAccessTokenDAO.getTokenBinding().getBindingReference());
} else {
insertintoaudittable.setString(21, NONE);
}
insertintoaudittable.setString(22, Boolean.toString(oldAccessTokenDAO.isConsentedToken()));
insertintoaudittable.setString(23, oldAccessTokenDAO.getAuthorizedOrganizationId());
if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
insertintoaudittable.setInt(21, oldAccessTokenDAO.getIdpId());
insertintoaudittable.setInt(24, oldAccessTokenDAO.getIdpId());
}
insertintoaudittable.execute();
if (log.isDebugEnabled()) {
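Review bot: The new columns are not carried into the audit row unchanged. In cleanupTokenByTokenValue an empty CONSENTED_TOKEN (index 21) leaves the flag unset, yet saveTokenInAuditTable always writes `Boolean.toString(oldAccessTokenDAO.isConsentedToken())` (presumably "false" in that case) and replaces a blank binding reference with `NONE`. The INSERT ... SELECT audit queries in SQLQueries copy the same columns verbatim, so the audit table can hold different values for the same token depending on which path archived it, which weakens it as a record of what was issued. If the normalisation is intended, state it above the block, e.g. `// Audit rows normalise a missing binding to NONE and a missing consent flag to "false"; the INSERT ... SELECT path copies raw values.`; otherwise bind the raw column values. `getAuthorizedOrganizationId()` at index 23 has no such fallback, so confirm the audit column accepts null; both method bodies start and end outside the hunks shown.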
Expand Up @@ -878,13 +878,15 @@ public class SQLQueries {
public static final String RETRIEVE_OLD_TOKEN_BY_TOKEN_HASH = "SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " +
"CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " +
"REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, " +
"TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION " +
"FROM IDN_OAUTH2_ACCESS_TOKEN WHERE ACCESS_TOKEN_HASH = ?";

public static final String RETRIEVE_OLD_TOKEN_BY_TOKEN_HASH_WITH_IDP_NAME = "SELECT TOKEN_ID, ACCESS_TOKEN, " +
"REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED," +
" REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, IDP_ID FROM " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, " +
"TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION, IDP_ID FROM " +
"IDN_OAUTH2_ACCESS_TOKEN WHERE ACCESS_TOKEN_HASH = ?";

public static final String INSERT_OAUTH2_ACCESS_TOKEN = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN (ACCESS_TOKEN, " +
Expand Down Expand Up @@ -932,33 +934,39 @@ public class SQLQueries {
"(TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, " +
"GRANT_TYPE, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " +
"TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " +
"REFRESH_TOKEN_HASH, INVALIDATED_TIME) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
"REFRESH_TOKEN_HASH, INVALIDATED_TIME, TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION) " +
"VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";

public static final String STORE_OLD_TOKEN_IN_AUDIT_WITH_IDP_NAME = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN_AUDIT " +
"(TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, " +
"GRANT_TYPE, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " +
"TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " +
"REFRESH_TOKEN_HASH, INVALIDATED_TIME, IDP_ID) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
"REFRESH_TOKEN_HASH, INVALIDATED_TIME, TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION, " +
"IDP_ID) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";

public static final String RETRIEVE_AND_STORE_IN_AUDIT =
"INSERT INTO IDN_OAUTH2_ACCESS_TOKEN_AUDIT (TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, " +
"AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " +
"REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " +
"TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " +
"REFRESH_TOKEN_HASH, INVALIDATED_TIME) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " +
"REFRESH_TOKEN_HASH, INVALIDATED_TIME, TOKEN_BINDING_REF, CONSENTED_TOKEN, " +
"AUTHORIZED_ORGANIZATION) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " +
"CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " +
"REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ? " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ?, " +
"TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION " +
"FROM IDN_OAUTH2_ACCESS_TOKEN WHERE TOKEN_ID = ?";

public static final String RETRIEVE_AND_STORE_IN_AUDIT_WITH_IDP_NAME = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN_AUDIT" +
" (TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE," +
" GRANT_TYPE, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " +
"TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " +
"REFRESH_TOKEN_HASH, INVALIDATED_TIME, IDP_ID) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " +
"REFRESH_TOKEN_HASH, INVALIDATED_TIME, IDP_ID, TOKEN_BINDING_REF, CONSENTED_TOKEN, " +
"AUTHORIZED_ORGANIZATION) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " +
"CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " +
"REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ?, IDP_ID " +
"TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ?, IDP_ID, " +
"TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION " +
"FROM IDN_OAUTH2_ACCESS_TOKEN WHERE TOKEN_ID = ?";

public static final String DELETE_OLD_TOKEN_BY_ID = "DELETE FROM IDN_OAUTH2_ACCESS_TOKEN WHERE TOKEN_ID = ?";
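Review bot: Nothing visible here shows that IDN_OAUTH2_ACCESS_TOKEN_AUDIT has the TOKEN_BINDING_REF, CONSENTED_TOKEN and AUTHORIZED_ORGANIZATION columns in every supported database script or in upgraded deployments; the diffstat lists only these two files, yet all four audit INSERT constants now name them. If a deployment's audit table lacks them, each of these statements would presumably fail at the point where an old token is being archived, so the schema change and a migration note should ship with this commit. The new columns also sit after IDP_ID in RETRIEVE_AND_STORE_IN_AUDIT_WITH_IDP_NAME but before it in STORE_OLD_TOKEN_IN_AUDIT_WITH_IDP_NAME, and the DAO binds the latter by position (indexes 21 to 24), so a comment above the constants such as `// Column order is bound by position in saveTokenInAuditTable and cleanupTokenByTokenValue; keep both in step.` would help the next edit.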
