From 4f536d65033cf0ef73f1d51427042b7d599d8ec4 Mon Sep 17 00:00:00 2001 From: thumimku Date: Mon, 6 Jan 2025 16:36:35 +0530 Subject: [PATCH] add missing columns for AT Audit table --- .../oauth2/dao/OldTokensCleanDAO.java | 30 +++++++++++++++++-- .../identity/oauth2/dao/SQLQueries.java | 24 ++++++++++----- 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java index 719d932b75..3560806df0 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java @@ -18,11 +18,13 @@ package org.wso2.carbon.identity.oauth2.dao; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import org.wso2.carbon.identity.oauth2.model.OldAccessTokenDO; +import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinding; import java.sql.Connection; import java.sql.PreparedStatement; @@ -31,6 +33,8 @@ import java.sql.Timestamp; import java.util.List; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.TokenBindings.NONE; + /** * This is DAO class for cleaning old Tokens. When new tokens is generated ,refreshed or revoked old access token * will be moved to Audit table and deleted from the Access token table. Token cleaning process can be enable or 
@@ -98,8 +102,22 @@ public void cleanupTokenByTokenValue(String token, Connection connection) throws
 oldAccessTokenObject.setSubjectIdentifier(resultSet.getString(17));
 oldAccessTokenObject.setAccessTokenHash(resultSet.getString(18));
 oldAccessTokenObject.setRefreshTokenHash(resultSet.getString(19));
+ String tokenBindingRef = resultSet.getString(20);
+ if (StringUtils.isNotBlank(tokenBindingRef)) {
+ TokenBinding tokenBinding = new TokenBinding();
+ tokenBinding.setBindingReference(tokenBindingRef);
+ oldAccessTokenObject.setTokenBinding(tokenBinding);
+ }
+
+ String isConsentedToken = resultSet.getString(21);
+ if (StringUtils.isNotEmpty(isConsentedToken)) {
+ oldAccessTokenObject.setIsConsentedToken(Boolean.parseBoolean(isConsentedToken));
+ }
+
+ oldAccessTokenObject.setAuthorizedOrganizationId(resultSet.getString(22));
+
 if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
- oldAccessTokenObject.setIdpId(resultSet.getInt(20));
+ oldAccessTokenObject.setIdpId(resultSet.getInt(23));
 }
 }
 if (OAuthServerConfiguration.getInstance().useRetainOldAccessTokens()) {
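Review bot: The new TOKEN_BINDING_REF read at `resultSet.getString(20)` only checks for a blank value, so if the access-token table stores a sentinel such as NONE for unbound tokens (the constant this commit imports into the same file suggests such a sentinel exists) the OldAccessTokenDO ends up carrying a TokenBinding whose reference is that sentinel, and any caller that treats a non-null binding as "bound" would be misled. Consider `if (StringUtils.isNotBlank(tokenBindingRef) && !NONE.equals(tokenBindingRef)) {` so the in-memory object only has a binding when one really exists. The write side in saveTokenInAuditTable emits NONE for both cases, so the audit round-trip is unaffected; the concern is only the populated DO. cleanupTokenByTokenValue starts and ends outside the hunk.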
@@ -138,8 +156,16 @@ private void saveTokenInAuditTable(OldAccessTokenDO oldAccessTokenDAO, Connectio
 insertintoaudittable.setString(18, oldAccessTokenDAO.getAccessTokenHash());
 insertintoaudittable.setString(19, oldAccessTokenDAO.getRefreshTokenHash());
 insertintoaudittable.setTimestamp(20, new Timestamp(System.currentTimeMillis()));
+ if (oldAccessTokenDAO.getTokenBinding() != null && StringUtils
+ .isNotBlank(oldAccessTokenDAO.getTokenBinding().getBindingReference())) {
+ insertintoaudittable.setString(21, oldAccessTokenDAO.getTokenBinding().getBindingReference());
+ } else {
+ insertintoaudittable.setString(21, NONE);
+ }
+ insertintoaudittable.setString(22, Boolean.toString(oldAccessTokenDAO.isConsentedToken()));
+ insertintoaudittable.setString(23, oldAccessTokenDAO.getAuthorizedOrganizationId());
 if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
- insertintoaudittable.setInt(21, oldAccessTokenDAO.getIdpId());
+ insertintoaudittable.setInt(24, oldAccessTokenDAO.getIdpId());
 }
 insertintoaudittable.execute();
 if (log.isDebugEnabled()) {
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java
index 8abccfe10f..c03994c694 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java
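Review bot: The audit INSERT now binds TOKEN_BINDING_REF, CONSENTED_TOKEN and AUTHORIZED_ORGANIZATION as parameters 21–23, but the diffstat lists only the two Java files, so unless the IDN_OAUTH2_ACCESS_TOKEN_AUDIT schema and its migration scripts already carry those columns the `insertintoaudittable.execute()` will fail at runtime on existing deployments, and because this runs inside the token cleanup path a failing audit insert can either abort token issuance or silently lose the audit record depending on how the caller handles the SQLException (the caller is outside the hunk). Please confirm the DDL/migration is covered in a separate change and add a sentence to the class Javadoc stating that the audit table must contain these three columns. The same consideration applies to the new column lists in SQLQueries at the STORE_OLD_TOKEN_IN_AUDIT and RETRIEVE_AND_STORE_IN_AUDIT hunks. As a minor point, `oldAccessTokenDAO.getTokenBinding()` is called three times in the new guard; a local such as `TokenBinding binding = oldAccessTokenDAO.getTokenBinding();` reads more clearly and avoids re-evaluating the getter. saveTokenInAuditTable starts and ends outside the hunk.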
@@ -878,13 +878,15 @@ public class SQLQueries { public static final String RETRIEVE_OLD_TOKEN_BY_TOKEN_HASH = "SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " + "CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " + "REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " + - "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH " + + "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, " + + "TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION " + "FROM IDN_OAUTH2_ACCESS_TOKEN WHERE ACCESS_TOKEN_HASH = ?"; public static final String RETRIEVE_OLD_TOKEN_BY_TOKEN_HASH_WITH_IDP_NAME = "SELECT TOKEN_ID, ACCESS_TOKEN, " + "REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED," + " REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " + - "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, IDP_ID FROM " + + "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, " + + "TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION, IDP_ID FROM " + "IDN_OAUTH2_ACCESS_TOKEN WHERE ACCESS_TOKEN_HASH = ?"; public static final String INSERT_OAUTH2_ACCESS_TOKEN = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN (ACCESS_TOKEN, " + 
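Review bot: Inserting TOKEN_BINDING_REF, CONSENTED_TOKEN and AUTHORIZED_ORGANIZATION ahead of IDP_ID in RETRIEVE_OLD_TOKEN_BY_TOKEN_HASH_WITH_IDP_NAME shifts the ordinal of IDP_ID, and OldTokensCleanDAO reads every column by position (`getString(20)` through `getInt(23)` in this commit), so the two files are now coupled by a positional contract that a future column insertion would break without any compile error. Reading by label in the DAO, e.g. `resultSet.getString("TOKEN_BINDING_REF")`, or at least a comment on each of these two constants saying `// column order is relied on positionally by OldTokensCleanDAO` would make the dependency visible to the next person who edits the SELECT list. The SQLQueries class continues outside the hunk.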
@@ -932,33 +934,39 @@ public class SQLQueries { "(TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, " + "GRANT_TYPE, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " + "TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " + - "REFRESH_TOKEN_HASH, INVALIDATED_TIME) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; + "REFRESH_TOKEN_HASH, INVALIDATED_TIME, TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION) " + + "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; public static final String STORE_OLD_TOKEN_IN_AUDIT_WITH_IDP_NAME = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN_AUDIT " + "(TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, " + "GRANT_TYPE, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " + "TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " + - "REFRESH_TOKEN_HASH, INVALIDATED_TIME, IDP_ID) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; + "REFRESH_TOKEN_HASH, INVALIDATED_TIME, TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION, " + + "IDP_ID) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; public static final String RETRIEVE_AND_STORE_IN_AUDIT = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN_AUDIT (TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, " + "AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " + "REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " + "TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " + - "REFRESH_TOKEN_HASH, INVALIDATED_TIME) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " + + "REFRESH_TOKEN_HASH, INVALIDATED_TIME, TOKEN_BINDING_REF, CONSENTED_TOKEN, " + + "AUTHORIZED_ORGANIZATION) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " + "CONSUMER_KEY_ID, 
AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " + "REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " + - "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ? " + + "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ?, " + + "TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION " + "FROM IDN_OAUTH2_ACCESS_TOKEN WHERE TOKEN_ID = ?"; public static final String RETRIEVE_AND_STORE_IN_AUDIT_WITH_IDP_NAME = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN_AUDIT" + " (TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE," + " GRANT_TYPE, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, " + "TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, " + - "REFRESH_TOKEN_HASH, INVALIDATED_TIME, IDP_ID) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " + + "REFRESH_TOKEN_HASH, INVALIDATED_TIME, IDP_ID, TOKEN_BINDING_REF, CONSENTED_TOKEN, " + + "AUTHORIZED_ORGANIZATION) SELECT TOKEN_ID, ACCESS_TOKEN, REFRESH_TOKEN, " + "CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, USER_TYPE, GRANT_TYPE, TIME_CREATED, " + "REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " + - "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ?, IDP_ID " + + "TOKEN_STATE, TOKEN_STATE_ID, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, ?, IDP_ID, " + + "TOKEN_BINDING_REF, CONSENTED_TOKEN, AUTHORIZED_ORGANIZATION " + "FROM IDN_OAUTH2_ACCESS_TOKEN WHERE TOKEN_ID = ?"; public static final String DELETE_OLD_TOKEN_BY_ID = "DELETE FROM IDN_OAUTH2_ACCESS_TOKEN WHERE TOKEN_ID = ?";
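Review bot: The two audit paths now disagree on what they write for the new columns: RETRIEVE_AND_STORE_IN_AUDIT and its _WITH_IDP_NAME variant copy TOKEN_BINDING_REF and CONSENTED_TOKEN verbatim from IDN_OAUTH2_ACCESS_TOKEN, NULL included, while saveTokenInAuditTable in OldTokensCleanDAO substitutes NONE for an absent binding and always writes "true"/"false" for CONSENTED_TOKEN. Audit rows for the same kind of token will therefore differ depending on which code path retired it, which complicates any later query that filters the audit table on these columns (for instance to list tokens that had no binding); normalising in SQL (a COALESCE on TOKEN_BINDING_REF and CONSENTED_TOKEN to the same sentinels the DAO writes) or keeping the DAO path verbatim would align them. Separately, RETRIEVE_AND_STORE_IN_AUDIT_WITH_IDP_NAME lists IDP_ID before the three new columns while STORE_OLD_TOKEN_IN_AUDIT_WITH_IDP_NAME lists it after them; each statement is internally consistent, but using one order across the constants would make them easier to compare by eye. The SQLQueries class continues outside the hunk.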