feat: add column identity_id to identity_credential_identifiers and session_devices

alnr · ory-bot · commit 57b099f24ce9 · 2025-11-11T11:57:23.000Z
GitOrigin-RevId: a8fc43b6bba9119a2d9472343eede30978ee72d7
diff --git a/identity/credentials.go b/identity/credentials.go
@@ -215,17 +215,14 @@ func (c Credentials) Signature() string {
 type (
 	// swagger:ignore
 	CredentialIdentifier struct {
-		ID         uuid.UUID `db:"id"`
-		Identifier string    `db:"identifier"`
-		// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
-		IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
-		// IdentityCredentialsTypeID is a helper struct field for gobuffalo.pop.
-		IdentityCredentialsTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
-		// CreatedAt is a helper struct field for gobuffalo.pop.
-		CreatedAt time.Time `json:"created_at" db:"created_at"`
-		// UpdatedAt is a helper struct field for gobuffalo.pop.
-		UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
-		NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
+		ID                        uuid.UUID  `db:"id"`
+		Identifier                string     `db:"identifier"`
+		IdentityID                *uuid.UUID `json:"-" db:"identity_id"`
+		IdentityCredentialsID     uuid.UUID  `json:"-" db:"identity_credential_id"`
+		IdentityCredentialsTypeID uuid.UUID  `json:"-" db:"identity_credential_type_id"`
+		CreatedAt                 time.Time  `json:"created_at" db:"created_at"`
+		UpdatedAt                 time.Time  `json:"updated_at" db:"updated_at"`
+		NID                       uuid.UUID  `json:"-"  faker:"-" db:"nid"`
 	}
 
 	// swagger:ignore
diff --git a/identity/test/pool.go b/identity/test/pool.go
@@ -1420,7 +1420,6 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
 						})
 					})
 				}
-
 			})
 
 			t.Run("case=create and update and find", func(t *testing.T) {
@@ -1547,8 +1546,8 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
 			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credentials (id, identity_id, nid, identity_credential_type_id, created_at, updated_at, config) VALUES (?, ?, ?, ?, ?, ?, '{}')", cid2, iid, nid2, m[0].ID, time.Now(), time.Now()).Exec())
 
 			ici1, ici2 := x.NewUUID(), x.NewUUID()
-			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?)", ici1, cid1, nid1, "nid1", time.Now(), time.Now(), m[0].ID).Exec())
-			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?)", ici2, cid2, nid2, "nid2", time.Now(), time.Now(), m[0].ID).Exec())
+			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", ici1, iid, cid1, nid1, "nid1", time.Now(), time.Now(), m[0].ID).Exec())
+			require.NoError(t, p.GetConnection(ctx).RawQuery("INSERT INTO identity_credential_identifiers (id, identity_id, identity_credential_id, nid, identifier, created_at, updated_at, identity_credential_type_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", ici2, iid, cid2, nid2, "nid2", time.Now(), time.Now(), m[0].ID).Exec())
 
 			_, err := p.GetIdentity(ctx, nid1, identity.ExpandNothing)
 			require.ErrorIs(t, err, sqlcon.ErrNoRows)
diff --git a/persistence/sql/identity/persister_identity.go b/persistence/sql/identity/persister_identity.go
@@ -347,6 +347,7 @@ func (p *IdentityPersister) createIdentityCredentials(ctx context.Context, conn
 
 			identifiers = append(identifiers, &identity.CredentialIdentifier{
 				Identifier:                identifier,
+				IdentityID:                pointerx.Ptr(cred.IdentityID),
 				IdentityCredentialsID:     cred.ID,
 				IdentityCredentialsTypeID: ct,
 				NID:                       p.NetworkID(ctx),
@@ -1441,7 +1442,6 @@ LIMIT 10
 		p.NetworkID(ctx),
 	).
 		All(&recoveryAddresses)
-
 	if err != nil {
 		return nil, sqlcon.HandleError(err)
 	}
diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go
@@ -21,6 +21,7 @@ import (
 	"github.com/ory/kratos/driver"
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/identity"
+	"github.com/ory/kratos/persistence/sql"
 	"github.com/ory/kratos/selfservice/flow/login"
 	"github.com/ory/kratos/selfservice/flow/recovery"
 	"github.com/ory/kratos/selfservice/flow/registration"
@@ -32,8 +33,10 @@ import (
 	"github.com/ory/kratos/x"
 	"github.com/ory/pop/v6"
 	"github.com/ory/x/configx"
+	"github.com/ory/x/fsx"
 	"github.com/ory/x/logrusx"
 	"github.com/ory/x/migratest"
+	"github.com/ory/x/networkx"
 	"github.com/ory/x/pagination/keysetpagination"
 	"github.com/ory/x/popx"
 	"github.com/ory/x/sqlcon"
@@ -119,7 +122,7 @@ func testDatabase(t *testing.T, db string, c *pop.Connection) {
 	require.NoError(t, c.Open())
 
 	tm, err := popx.NewMigrationBox(
-		os.DirFS("../migrations/sql"),
+		fsx.Merge(sql.Migrations, networkx.Migrations),
 		c, l,
 		popx.WithTestdata(t, os.DirFS("./testdata")),
 		popx.WithDumpMigrations(),
diff --git a/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.down.sql b/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE identity_credential_identifiers DROP COLUMN identity_id;
+ALTER TABLE session_devices DROP COLUMN identity_id;
diff --git a/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.mysql.up.sql b/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.mysql.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE identity_credential_identifiers ADD COLUMN identity_id char(36) NULL;
+ALTER TABLE session_devices ADD COLUMN identity_id char(36) NULL;
diff --git a/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.sqlite.down.sql b/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.sqlite.down.sql
@@ -0,0 +1,50 @@
+-- For SQLite, we do all operations in a single migration for simplicity.
+
+CREATE TABLE "_identity_credential_identifiers_tmp" (
+"id" TEXT PRIMARY KEY,
+"identifier" TEXT NOT NULL,
+"identity_credential_id" char(36) NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"nid" char(36),
+"identity_credential_type_id" char(36) NOT NULL,
+FOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE NO ACTION ON DELETE CASCADE
+);
+
+INSERT INTO _identity_credential_identifiers_tmp (id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id)
+    SELECT id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id
+    FROM identity_credential_identifiers;
+
+DROP TABLE identity_credential_identifiers;
+ALTER TABLE "_identity_credential_identifiers_tmp" RENAME TO "identity_credential_identifiers";
+
+
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx" ON "identity_credential_identifiers" (nid, identity_credential_type_id, identifier);
+CREATE INDEX identity_credential_identifiers_nid_i_ici_idx ON "identity_credential_identifiers" (nid, identifier, identity_credential_id);
+CREATE INDEX identity_credential_identifiers_ici_nid_i_idx ON "identity_credential_identifiers" (identity_credential_id ASC, nid ASC, identifier ASC);
+
+
+CREATE TABLE IF NOT EXISTS "_session_devices_tmp"
+(
+  "id"         UUID PRIMARY KEY NOT NULL,
+  "ip_address" VARCHAR(50)  DEFAULT '',
+  "user_agent" VARCHAR(512) DEFAULT '',
+  "location"   VARCHAR(512) DEFAULT '',
+  "nid"        UUID             NOT NULL,
+  "session_id" UUID             NOT NULL,
+  "created_at" timestamp        NOT NULL,
+  "updated_at" timestamp        NOT NULL,
+  CONSTRAINT "session_metadata_sessions_id_fk" FOREIGN KEY ("session_id") REFERENCES "sessions" ("id") ON DELETE cascade,
+  CONSTRAINT "session_metadata_nid_fk" FOREIGN KEY ("nid") REFERENCES "networks" ("id") ON DELETE cascade,
+  CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)
+);
+
+INSERT INTO "_session_devices_tmp" (id, ip_address, user_agent, location, nid, session_id, created_at, updated_at)
+    SELECT id, ip_address, user_agent, location, nid, session_id, created_at, updated_at
+    FROM session_devices;
+
+DROP TABLE session_devices;
+ALTER TABLE "_session_devices_tmp" RENAME TO "session_devices";
+
+CREATE INDEX session_devices_nid_idx ON session_devices (nid ASC);
+CREATE INDEX session_devices_session_id_idx ON session_devices (session_id ASC);
diff --git a/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql b/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.sqlite.up.sql
@@ -0,0 +1,57 @@
+-- For SQLite, we do all operations in a single migration for simplicity.
+
+CREATE TABLE IF NOT EXISTS "_identity_credential_identifiers_tmp" (
+"id" TEXT PRIMARY KEY,
+"identifier" TEXT NOT NULL,
+"identity_credential_id" char(36) NOT NULL,
+"created_at" DATETIME NOT NULL,
+"updated_at" DATETIME NOT NULL,
+"nid" char(36),
+"identity_credential_type_id" char(36) NOT NULL,
+"identity_id" char(36) NOT NULL,
+FOREIGN KEY (identity_id) REFERENCES identities (id) ON UPDATE RESTRICT ON DELETE CASCADE,
+FOREIGN KEY (nid) REFERENCES networks (id) ON UPDATE RESTRICT ON DELETE CASCADE,
+FOREIGN KEY (identity_credential_id) REFERENCES identity_credentials (id) ON UPDATE RESTRICT ON DELETE CASCADE,
+FOREIGN KEY (identity_credential_type_id) REFERENCES identity_credential_types (id) ON UPDATE RESTRICT ON DELETE CASCADE
+);
+
+
+INSERT INTO _identity_credential_identifiers_tmp (id, identifier, identity_credential_id, created_at, updated_at, nid, identity_credential_type_id, identity_id)
+    SELECT ici.id, ici.identifier, ici.identity_credential_id, ici.created_at, ici.updated_at, ici.nid, ici.identity_credential_type_id, ic.identity_id
+    FROM identity_credential_identifiers ici
+        INNER JOIN identity_credentials ic ON ici.identity_credential_id = ic.id AND ici.nid = ic.nid;
+
+DROP TABLE identity_credential_identifiers;
+ALTER TABLE "_identity_credential_identifiers_tmp" RENAME TO "identity_credential_identifiers";
+
+CREATE UNIQUE INDEX "identity_credential_identifiers_identifier_nid_type_uq_idx" ON "identity_credential_identifiers" (nid, identity_credential_type_id, identifier);
+CREATE INDEX identity_credential_identifiers_nid_i_ici_idx ON "identity_credential_identifiers" (nid, identifier, identity_credential_id);
+CREATE INDEX identity_credential_identifiers_ici_nid_i_idx ON "identity_credential_identifiers" (identity_credential_id ASC, nid ASC, identifier ASC);
+
+
+CREATE TABLE IF NOT EXISTS "_session_devices_tmp"
+(
+  "id"         UUID PRIMARY KEY NOT NULL,
+  "identity_id" UUID NOT NULL,
+  "ip_address" VARCHAR(50)  DEFAULT '',
+  "user_agent" VARCHAR(512) DEFAULT '',
+  "location"   VARCHAR(512) DEFAULT '',
+  "nid"        UUID             NOT NULL,
+  "session_id" UUID             NOT NULL,
+  "created_at" timestamp        NOT NULL,
+  "updated_at" timestamp        NOT NULL,
+  CONSTRAINT "session_metadata_sessions_id_fk" FOREIGN KEY ("session_id") REFERENCES "sessions" ("id") ON DELETE cascade,
+  CONSTRAINT "session_metadata_nid_fk" FOREIGN KEY ("nid") REFERENCES "networks" ("id") ON DELETE cascade,
+  CONSTRAINT "session_devices_identity_id_fk" FOREIGN KEY ("identity_id") REFERENCES "identities" ("id") ON DELETE cascade,
+  CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)
+);
+
+INSERT INTO "_session_devices_tmp" (id, identity_id, ip_address, user_agent, location, nid, session_id, created_at, updated_at)
+    SELECT sd.id, s.identity_id, sd.ip_address, sd.user_agent, sd.location, sd.nid, sd.session_id, sd.created_at, sd.updated_at
+    FROM session_devices sd JOIN sessions s ON sd.session_id = s.id;
+
+DROP TABLE session_devices;
+ALTER TABLE "_session_devices_tmp" RENAME TO "session_devices";
+
+CREATE INDEX session_devices_nid_idx ON session_devices (nid ASC);
+CREATE INDEX session_devices_session_id_idx ON session_devices (session_id ASC);
diff --git a/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.up.sql b/persistence/sql/migrations/sql/20251104000000000000_identifiers_devices_identity_id.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE identity_credential_identifiers ADD COLUMN identity_id UUID NULL;
+ALTER TABLE session_devices ADD COLUMN identity_id UUID NULL;
diff --git a/persistence/sql/persister_session.go b/persistence/sql/persister_session.go
@@ -286,6 +286,7 @@ func (p *Persister) UpsertSession(ctx context.Context, s *session.Session) (err
 			device := &(s.Devices[i])
 			device.SessionID = s.ID
 			device.NID = s.NID
+			device.IdentityID = pointerx.Ptr(s.IdentityID)
 
 			if device.Location != nil {
 				device.Location = pointerx.Ptr(stringsx.TruncateByteLen(*device.Location, SessionDeviceLocationMaxLength))
diff --git a/session/session.go b/session/session.go
@@ -61,7 +61,8 @@ type Device struct {
 	// Last updated at
 	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
 
-	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`
+	NID        uuid.UUID  `json:"-"  faker:"-" db:"nid"`
+	IdentityID *uuid.UUID `json:"-"  faker:"-" db:"identity_id"`
 }
 
 func (Device) TableName() string { return "session_devices" }
@@ -251,8 +252,9 @@ func NewInactiveSession() *Session {
 
 func (s *Session) SetSessionDeviceInformation(r *http.Request) {
 	device := Device{
-		SessionID: s.ID,
-		IPAddress: pointerx.Ptr(httpx.ClientIP(r)),
+		SessionID:  s.ID,
+		IdentityID: pointerx.Ptr(s.IdentityID),
+		IPAddress:  pointerx.Ptr(httpx.ClientIP(r)),
 	}
 
 	agent := r.Header["User-Agent"]
diff --git a/session/test/persistence.go b/session/test/persistence.go
@@ -87,6 +87,7 @@ func TestPersister(ctx context.Context, conf *config.Config, p interface {
 					assert.Equal(t, *expected.Devices[i].IPAddress, *d.IPAddress)
 					assert.Equal(t, expected.Devices[i].UserAgent, d.UserAgent)
 					assert.Equal(t, *expected.Devices[i].Location, *d.Location)
+					assert.Equal(t, *expected.Devices[i].IdentityID, *d.IdentityID)
 				}
 			}
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ALTER TABLE identity_credential_identifiers DROP COLUMN identity_id;`
	`2`	`+ALTER TABLE session_devices DROP COLUMN identity_id;`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ALTER TABLE identity_credential_identifiers ADD COLUMN identity_id char(36) NULL;`
	`2`	`+ALTER TABLE session_devices ADD COLUMN identity_id char(36) NULL;`