fix: remove unique constraint on OAuth2 provider app names (#18669)

# Remove unique constraint on OAuth2 provider app names This PR removes the unique constraint on the `name` field in the `oauth2_provider_apps` table to comply with RFC 7591, which only requires unique client IDs, not unique client names. Changes include: - Removing the unique constraint from the database schema - Adding migration files for both up and down migrations - Removing the name uniqueness check in the in-memory database implementation - Updating the unique constraint constants Change-Id: Iae7a1a06546fbc8de541a52e291f8a4510d57e8a Signed-off-by: Thomas Kosiewski <tk@coder.com>
2025-07-06 15:41:45 +00:00 · 2025-07-03 19:13:13 +02:00
parent 90a875d916
commit 60b08f0960
6 changed files with 66 additions and 27 deletions
--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@ -8983,12 +8983,6 @@ func (q *FakeQuerier) InsertOAuth2ProviderApp(_ context.Context, arg database.In
 	q.mutex.Lock()
 	defer q.mutex.Unlock()

-	for _, app := range q.oauth2ProviderApps {
-		if app.Name == arg.Name {
-			return database.OAuth2ProviderApp{}, errUniqueConstraint
-		}
-	}
-
 	//nolint:gosimple // Go wants database.OAuth2ProviderApp(arg), but we cannot be sure the structs will remain identical.
 	app := database.OAuth2ProviderApp{
 		ID:                      arg.ID,
--- a/coderd/database/dump.sql
+++ b/coderd/database/dump.sql
@ -2494,9 +2494,6 @@ ALTER TABLE ONLY oauth2_provider_app_tokens
 ALTER TABLE ONLY oauth2_provider_app_tokens
    ADD CONSTRAINT oauth2_provider_app_tokens_pkey PRIMARY KEY (id);

-ALTER TABLE ONLY oauth2_provider_apps
-    ADD CONSTRAINT oauth2_provider_apps_name_key UNIQUE (name);
-
 ALTER TABLE ONLY oauth2_provider_apps
    ADD CONSTRAINT oauth2_provider_apps_pkey PRIMARY KEY (id);

--- a/coderd/database/migrations/000348_remove_oauth2_app_name_unique_constraint.down.sql
+++ b/coderd/database/migrations/000348_remove_oauth2_app_name_unique_constraint.down.sql
@ -0,0 +1,3 @@
+-- Restore unique constraint on oauth2_provider_apps.name for rollback
+-- Note: This rollback may fail if duplicate names exist in the database
+ALTER TABLE oauth2_provider_apps ADD CONSTRAINT oauth2_provider_apps_name_key UNIQUE (name);
--- a/coderd/database/migrations/000348_remove_oauth2_app_name_unique_constraint.up.sql
+++ b/coderd/database/migrations/000348_remove_oauth2_app_name_unique_constraint.up.sql
@ -0,0 +1,3 @@
+-- Remove unique constraint on oauth2_provider_apps.name to comply with RFC 7591
+-- RFC 7591 does not require unique client names, only unique client IDs
+ALTER TABLE oauth2_provider_apps DROP CONSTRAINT oauth2_provider_apps_name_key;
--- a/coderd/database/unique_constraint.go
+++ b/coderd/database/unique_constraint.go
@ -36,7 +36,6 @@ const (
 	UniqueOauth2ProviderAppSecretsSecretPrefixKey             UniqueConstraint = "oauth2_provider_app_secrets_secret_prefix_key"                   // ALTER TABLE ONLY oauth2_provider_app_secrets ADD CONSTRAINT oauth2_provider_app_secrets_secret_prefix_key UNIQUE (secret_prefix);
 	UniqueOauth2ProviderAppTokensHashPrefixKey                UniqueConstraint = "oauth2_provider_app_tokens_hash_prefix_key"                      // ALTER TABLE ONLY oauth2_provider_app_tokens ADD CONSTRAINT oauth2_provider_app_tokens_hash_prefix_key UNIQUE (hash_prefix);
 	UniqueOauth2ProviderAppTokensPkey                         UniqueConstraint = "oauth2_provider_app_tokens_pkey"                                 // ALTER TABLE ONLY oauth2_provider_app_tokens ADD CONSTRAINT oauth2_provider_app_tokens_pkey PRIMARY KEY (id);
-	UniqueOauth2ProviderAppsNameKey                           UniqueConstraint = "oauth2_provider_apps_name_key"                                   // ALTER TABLE ONLY oauth2_provider_apps ADD CONSTRAINT oauth2_provider_apps_name_key UNIQUE (name);
 	UniqueOauth2ProviderAppsPkey                              UniqueConstraint = "oauth2_provider_apps_pkey"                                       // ALTER TABLE ONLY oauth2_provider_apps ADD CONSTRAINT oauth2_provider_apps_pkey PRIMARY KEY (id);
 	UniqueOrganizationMembersPkey                             UniqueConstraint = "organization_members_pkey"                                       // ALTER TABLE ONLY organization_members ADD CONSTRAINT organization_members_pkey PRIMARY KEY (organization_id, user_id);
 	UniqueOrganizationsPkey                                   UniqueConstraint = "organizations_pkey"                                              // ALTER TABLE ONLY organizations ADD CONSTRAINT organizations_pkey PRIMARY KEY (id);