Fix ResponseType data migration #381

Urth · 2020-10-21T15:28:37Z

If oidc provider is used in a multi database setup it may not be used on
the default database alone. And when used in a database mirror setup the
migration could be executed on a different db alias/transaction.

This can cause migration failures because the ReponseType table is
created on the database passed to the migrate command while the data is
inserted in the database returned from the database router.
Depending on the configuration the ResponseType table may not exist for
that database yet or the ResponseType data was already migrated
resulting in a DatabaseError and IntegrityError respectively.

nicwolff · 2021-12-09T06:25:46Z

@juanifioren Please merge this! It's preventing us from upgrading Django.

Urth · 2021-12-09T18:00:08Z

If you can upgrade to Django 3.2 this problem is mitigated by https://code.djangoproject.com/ticket/29052

nicwolff · 2022-01-12T21:29:21Z

This migration still fails in Django 3.2, because the two ORM calls use different connections – note the different PIDs on these log lines:

2022-01-12 21:00:22.670 UTC [37] LOG:  statement: BEGIN
2022-01-12 21:00:22.671 UTC [37] LOG:  statement: CREATE TABLE "oidc_provider_responsetype" ("id" serial NOT NULL PRIMARY KEY, "value" varchar(30) NOT NULL UNIQUE, "description" varchar(50) NOT NULL)
2022-01-12 21:00:22.870 UTC [37] LOG:  statement: CREATE TABLE "oidc_provider_client_response_types" ("id" serial NOT NULL PRIMARY KEY, "client_id" integer NOT NULL, "responsetype_id" integer NOT NULL)
2022-01-12 21:00:22.980 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code', 'code (Authorization Code Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.983 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('id_token', 'id_token (Implicit Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.985 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('id_token token', 'id_token token (Implicit Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.987 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code token', 'code token (Hybrid Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.988 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code id_token', 'code id_token (Hybrid Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.990 UTC [37] LOG:  statement: INSERT INTO "oidc_provider_responsetype" ("value", "description") VALUES ('code id_token token', 'code id_token token (Hybrid Flow)') RETURNING "oidc_provider_responsetype"."id"
2022-01-12 21:00:22.999 UTC [38] LOG:  statement: SET TIME ZONE 'UTC'
2022-01-12 21:00:23.001 UTC [38] LOG:  statement: SELECT "oidc_provider_client"."id", "oidc_provider_client"."name", "oidc_provider_client"."client_id", "oidc_provider_client"."client_secret", "oidc_provider_client"."response_type", "oidc_provider_client"."_redirect_uris", "oidc_provider_client"."date_created", "oidc_provider_client"."client_type", "oidc_provider_client"."jwt_alg", "oidc_provider_client"."contact_email", "oidc_provider_client"."logo", "oidc_provider_client"."terms_url", "oidc_provider_client"."website_url", "oidc_provider_client"."_post_logout_redirect_uris", "oidc_provider_client"."require_consent", "oidc_provider_client"."reuse_consent", "oidc_provider_client"."owner_id", "oidc_provider_client"."_scope" FROM "oidc_provider_client"
2022-01-12 21:00:23.005 UTC [38] LOG:  statement: SELECT "oidc_provider_responsetype"."id", "oidc_provider_responsetype"."value", "oidc_provider_responsetype"."description" FROM "oidc_provider_responsetype" WHERE "oidc_provider_responsetype"."value" = '' LIMIT 21
2022-01-12 21:00:23.005 UTC [38] ERROR:  relation "oidc_provider_responsetype" does not exist at character 129
2022-01-12 21:00:23.005 UTC [38] STATEMENT:  SELECT "oidc_provider_responsetype"."id", "oidc_provider_responsetype"."value", "oidc_provider_responsetype"."description" FROM "oidc_provider_responsetype" WHERE "oidc_provider_responsetype"."value" = '' LIMIT 21
2022-01-12 21:00:23.006 UTC [37] LOG:  statement: ROLLBACK

Please merge this!

If oidc provider is used in a multi database setup it may not be used on the default database alone. And when used in a database mirror setup the migration could be executed on a different db alias/transaction. This can cause migration failures because the ReponseType table is created on the database passed to the migrate command while the data is inserted in the database returned from the database router. Depending on the configuration the ResponseType table may not exist for that database yet or the ResponseType data was already migrated resulting in a DatabaseError and IntegrityError respectively.

juanifioren

LGTM! thanks for the contribution

sgalvezortiz mentioned this pull request Oct 29, 2020

Fix/response type migration Unholster/django-oidc-provider#1

Merged

juanifioren force-pushed the fix-response-type-migration branch from e2d1579 to e0db48c Compare December 14, 2023 14:14

juanifioren self-assigned this Dec 14, 2023

juanifioren approved these changes Dec 14, 2023

View reviewed changes

juanifioren merged commit fe9b031 into juanifioren:develop Dec 14, 2023
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix ResponseType data migration #381

Fix ResponseType data migration #381

Urth commented Oct 21, 2020

nicwolff commented Dec 9, 2021

Urth commented Dec 9, 2021

nicwolff commented Jan 12, 2022

juanifioren left a comment

Fix ResponseType data migration #381

Fix ResponseType data migration #381

Conversation

Urth commented Oct 21, 2020

nicwolff commented Dec 9, 2021

Urth commented Dec 9, 2021

nicwolff commented Jan 12, 2022

juanifioren left a comment

Choose a reason for hiding this comment